package com.tydic.umc.security.filter;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.tydic.umc.security.base.SecurityCommConstant;
import com.tydic.umc.security.base.SecurityRspConstant;
import com.tydic.umc.security.base.UmcMemInfoBO;
import com.tydic.umc.security.base.UmcMemInfoHelper;
import com.tydic.umc.security.base.UmcUserDetails;
import com.tydic.umc.security.constants.UmcSercurityConstants;
import com.tydic.umc.security.jwt.UmcJwt;
import com.tydic.umc.security.jwt.UmcTokenState;
import com.tydic.umc.security.service.GetLogInUserInfoService;
import com.tydic.umc.security.service.LoginTimeServcie;
import com.tydic.umc.security.service.bo.GetLogInUserInfoReqBo;
import com.tydic.umc.security.service.bo.LoginExpTimeReqBO;
import com.tydic.umc.security.service.bo.LoginExpTimeRspBO;
import com.tydic.umc.security.utils.RegexUtils;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

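@Order(2147483645)
@Component
/**
 * Servlet filter that authenticates requests by an {@code auth-token} JWT carried in a
 * request header or cookie, checks the Referer embedded in the token against the incoming
 * Referer, and populates the Spring {@code SecurityContext} on success.
 *
 * Denied requests get a JSON body with HTTP 401 (or 403 for {@code MENU_FORBIDDEN}); a
 * Referer mismatch gets an HTML 403. Some URIs never require a token (see {@link #isNeedToken}).
 *
 * Changes from the previous revision:
 *  - the gateway "no auth" bypass no longer ships with a hard-coded default password and is
 *    disabled when the property is blank; the secret is compared in constant time;
 *  - the raw token and the cookie jar are no longer written to the log;
 *  - a blank or unset {@code verify.referer} no longer leaves {@code verifyReferers} null
 *    (which threw an NPE on every authenticated request), and blank entries (e.g. a trailing
 *    comma) are dropped because an empty prefix matches every Referer and silently disabled
 *    the CSRF check;
 *  - an NPE when the request wrapper could not be built (no current user) is gone;
 *  - {@link #isAllowSessionCreation()} is null-safe on threads where the filter never ran.
 */
public class UmcTokenAuthenticationFilter extends GenericFilterBean {

    /** Semicolon-separated wildcard patterns of URIs that never require a token. */
    @Value("${static.resources}")
    private String staticResources;

    /** Injected for configuration parity; not read anywhere in this filter. */
    @Value("${login.expTime:7200}")
    private Long expTime;

    /** When false, the token's "whiteList" claim is ignored. */
    @Value("${login.whiteFlag:true}")
    private Boolean whiteFlag;

    @Autowired
    private GetLogInUserInfoService getLogInUserInfoService;

    @Autowired
    private LoginTimeServcie loginTimeServcie;

    /**
     * Comma-separated Referer prefixes. A Referer starting with one of them skips the
     * exact-match check against the "referer" claim of the token (prefix match only — a
     * prefix like {@code https://app.example.com} also matches
     * {@code https://app.example.com.evil.example}; end each prefix with a slash).
     */
    @Value("${verify.referer}")
    private String verifyReferer;

    /** When true the token's "sessionId" claim must equal the current HTTP session id. */
    @Value("${login.checkSessionJwt:false}")
    private Boolean checkSessionJwt;

    /** URI prefix under which the gateway "no auth" bypass may be used. */
    @Value("${gateway.request.prefix:SAAS_GROUP_DEV}")
    private String gatewayRequestPrefix;

    /**
     * Shared secret that lets a caller skip token authentication (see {@link #isNeedToken}).
     * The previous revision defaulted this to a fixed password, so every deployment that did
     * not override the property exposed an authentication bypass to anyone who read the
     * source. There is no default any more: blank means the bypass is disabled.
     */
    @Value("${gateway.request.no.auth.pwd:}")
    private String gatewayRequestNoAuthPwd;

    private static final String AUTH_FLAG_NO = "0";
    private static final String AUTH_TOKEN_NAME = "auth-token";
    private static final String REFERER_HEADER = "Referer";
    private static final String STATE_KEY = "state";
    private static final String DATA_KEY = "data";

    /** URI patterns that are always open, regardless of configuration. */
    private static final String[] ALWAYS_OPEN_PATTERNS = {
        "**/**/users/signup/**",
        "**/**/noauth/**",
        "**/**/**/noauth/**",
        "**/**/api/token/get"
    };

    /** Parsed {@link #verifyReferer}; empty (never null) when nothing is configured. */
    private String[] verifyReferers = new String[0];
    private static final Logger LOGGER = LoggerFactory.getLogger(UmcTokenAuthenticationFilter.class);
    private static final ObjectMapper mapper = new ObjectMapper();

    /**
     * Per-thread flag read by {@link #isAllowSessionCreation()}: true from the start of
     * {@link #doFilter}, false once a token has been authenticated. It is deliberately not
     * removed at the end of doFilter, since the value may be consulted by components that run
     * after this filter returns; doFilter resets it at the start of every request.
     */
    private static ThreadLocal<Boolean> allowSessionCreation = new ThreadLocal<>();

    /** Splits {@link #verifyReferer} into prefixes, dropping blank entries. */
    @PostConstruct
    public void init() {
        if (StringUtils.isBlank(this.verifyReferer)) {
            return;
        }
        List<String> prefixes = new ArrayList<>();
        for (String entry : this.verifyReferer.split(",")) {
            // "".startsWith is true for every string: a blank entry (trailing comma, double
            // comma) would whitelist every Referer and disable the CSRF check.
            if (StringUtils.isNotBlank(entry)) {
                prefixes.add(entry);
            }
        }
        this.verifyReferers = prefixes.toArray(new String[0]);
    }

    /**
     * Validates the request's token and resolves the authenticated user.
     *
     * @return the authentication to install, or null when the request was denied — in that
     *         case the response body and status have already been written
     * @throws IOException if the response cannot be written
     */
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException {
        if (LOGGER.isDebugEnabled()) {
            // Parameter names only: values may carry credentials on login-adjacent endpoints.
            LOGGER.debug("请求头" + mapper.writeValueAsString(httpServletRequest.getParameterMap().keySet()));
        }
        String referer = httpServletRequest.getHeader(REFERER_HEADER);
        boolean exactRefererRequired = isRefererOutsideWhitelist(referer);
        String token = resolveToken(httpServletRequest);
        // The token is a bearer credential; log only whether one was found.
        LOGGER.debug("获取当前token present={}", StringUtils.isNotEmpty(token));

        JSONObject body = new JSONObject();
        JSONObject data = new JSONObject();
        if (StringUtils.isEmpty(token)) {
            putDenied(body, data, UmcSercurityConstants.LOGIN_FORBIDDEN, "登录信息无效，请重新登录");
            writeDenied(httpServletResponse, body, data);
            return null;
        }

        // NOTE(review): "whiteList" is read from the payload BEFORE the token is validated, so
        // at this point it is attacker-controlled. Whatever UmcJwt.validToken does with it must
        // not weaken signature or expiry checks — confirm in UmcJwt.
        String whiteList = UmcJwt.getPayload(token).getAsString("whiteList");
        if (!this.whiteFlag.booleanValue()) {
            whiteList = null;
        }
        LoginExpTimeReqBO expReq = new LoginExpTimeReqBO();
        Long tokenExpTime = 0L;
        if (StringUtils.isBlank(whiteList)) {
            expReq.setToken(token);
            LoginExpTimeRspBO expRsp = this.loginTimeServcie.getLoginExpTime(expReq);
            LOGGER.debug("调用获取到期时间服务" + JSON.toJSONString(expRsp));
            if (SecurityRspConstant.RESP_CODE_SUCCESS.equals(expRsp.getRespCode())) {
                tokenExpTime = expRsp.getExpTime();
                LOGGER.debug("获取到期时间" + tokenExpTime);
            }
        }
        Map<String, Object> validToken = UmcJwt.validToken(token, tokenExpTime, whiteList);
        UmcTokenState tokenState = UmcTokenState.getTokenState((String) validToken.get(STATE_KEY));
        LOGGER.debug("查看state：{}", tokenState);

        switch (tokenState) {
            case VALID:
                net.minidev.json.JSONObject claims = (net.minidev.json.JSONObject) validToken.get(DATA_KEY);
                httpServletRequest.setAttribute(DATA_KEY, claims);
                // exactRefererRequired is only true when a Referer header is present.
                if (exactRefererRequired && !referer.equals(claims.getAsString("referer"))) {
                    LOGGER.error("疑似CSRF攻击，referer:" + referer);
                    rejectAsCsrf(httpServletResponse);
                    return null;
                }
                if (this.checkSessionJwt.booleanValue()
                        && !httpServletRequest.getSession().getId().equals(claims.getAsString("sessionId"))) {
                    putDenied(body, data, UmcSercurityConstants.LOGIN_FORBIDDEN, "登录信息异常");
                    break;
                }
                Long userId = asLong(claims.get("userId"));
                String loginSource = (String) claims.get(SecurityCommConstant.LOGIN.LOGIN_SOURCE);
                expReq.setUserId(userId);
                expReq.setLoginSource(loginSource);
                this.loginTimeServcie.updateLoginExpTime(expReq);

                GetLogInUserInfoReqBo userReq = new GetLogInUserInfoReqBo();
                userReq.setTagId((String) claims.get("tagId"));
                userReq.setUserId(userId);
                userReq.setToken(token);
                userReq.setUri(httpServletRequest.getRequestURI());
                userReq.setAppCode(claims.getAsString("appCode"));
                userReq.setLoginSource(loginSource);
                UmcUserDetails userInfo = this.getLogInUserInfoService.getLoginUserInfo(userReq);
                if (SecurityRspConstant.RESP_CODE_SUCCESS.equals(userInfo.getRespCode())) {
                    // NOTE(review): the stored password is carried as the credentials of the
                    // Authentication and so lives in the SecurityContext for the request;
                    // consider passing null unless a downstream component needs it.
                    return new UsernamePasswordAuthenticationToken(
                            userInfo.getUserDetails(),
                            userInfo.getUserDetails().getPassword(),
                            userInfo.getUserDetails().getAuthorities());
                }
                putDenied(body, data, userInfo.getRespCode(), userInfo.getRespDesc());
                LOGGER.info(userInfo.getRespCode());
                break;
            case EXPIRED:
                putDenied(body, data, UmcSercurityConstants.LOGIN_FORBIDDEN, "登录超时，请重新登录");
                break;
            default:
                putDenied(body, data, UmcSercurityConstants.LOGIN_FORBIDDEN, "登录信息无效，请重新登录");
                break;
        }
        writeDenied(httpServletResponse, body, data);
        return null;
    }

    /**
     * Returns the token from the {@code auth-token} header, else from the last
     * {@code auth-token} cookie, else whatever the header held (null or empty).
     * Does not touch the HTTP session.
     */
    private static String resolveToken(HttpServletRequest request) {
        String token = request.getHeader(AUTH_TOKEN_NAME);
        if (StringUtils.isNotEmpty(token)) {
            return token;
        }
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return token;
        }
        for (Cookie cookie : cookies) {
            if (AUTH_TOKEN_NAME.equals(cookie.getName())) {
                token = cookie.getValue(); // last matching cookie wins
            }
        }
        return token;
    }

    /**
     * True when the Referer must exactly equal the token's "referer" claim, i.e. the header is
     * present and starts with none of the configured prefixes.
     *
     * A missing Referer skips the check entirely (preserved behaviour).
     * NOTE(review): cookie-authenticated browser requests sent under
     * {@code Referrer-Policy: no-referrer} therefore bypass the CSRF check; consider requiring
     * the header whenever the token came from a cookie.
     */
    private boolean isRefererOutsideWhitelist(String referer) {
        if (referer == null) {
            return false;
        }
        String trimmed = referer.trim();
        for (String prefix : this.verifyReferers) {
            if (trimmed.startsWith(prefix)) {
                return false;
            }
        }
        return true;
    }

    /** Widens Integer/Long claim values to Long; other non-null types fail as before. */
    private static Long asLong(Object value) {
        if (value == null) {
            return null;
        }
        if (value instanceof Number) {
            return ((Number) value).longValue();
        }
        return (Long) value;
    }

    /** Fills the standard denial payload: data.respCode, data.respDesc, body.data. */
    private static void putDenied(JSONObject body, JSONObject data, Object respCode, String respDesc) {
        data.put("respCode", respCode);
        data.put("respDesc", respDesc);
        body.put(DATA_KEY, data);
    }

    /** Writes the HTML 403 used for a Referer mismatch. */
    private static void rejectAsCsrf(HttpServletResponse response) throws IOException {
        response.setContentType("text/html;charset=UTF-8");
        response.setCharacterEncoding("UTF-8");
        response.setStatus(403);
        response.getWriter().print("<font size=6 color=red>对不起，您的请求非法，系统拒绝响应!</font>");
    }

    /**
     * Writes the JSON denial body: 403 for {@code MENU_FORBIDDEN}, 401 otherwise.
     * NOTE(review): the body is JSON but is served as text/html, as in the original; the
     * strings it carries are server-provided, not echoed request input.
     */
    private static void writeDenied(HttpServletResponse response, JSONObject body, JSONObject data) throws IOException {
        if (UmcSercurityConstants.MENU_FORBIDDEN.equals(data.getString("respCode"))) {
            response.setStatus(403);
        } else {
            response.setStatus(401);
        }
        response.setContentType("text/html;charset=UTF-8");
        body.put("code", "1");
        body.put("message", SecurityRspConstant.RESP_DESC_ERROR);
        String json = body.toJSONString();
        LOGGER.debug("走完过滤器打印日志：" + json);
        try (PrintWriter writer = response.getWriter()) {
            writer.write(json);
        }
    }

    /**
     * Authenticates the request when its URI requires a token, installs the result in the
     * SecurityContext and continues the chain (with a {@link ParameterRequestWrapper} when a
     * current user could be resolved). Denied requests stop here.
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        allowSessionCreation.set(Boolean.TRUE);
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        ServletRequest downstream = request;
        if (isNeedToken(request)) {
            Authentication authentication = attemptAuthentication(request, response);
            if (authentication == null) {
                return; // denial already written
            }
            allowSessionCreation.set(Boolean.FALSE);
            // NOTE(review): nothing here clears the context after the chain; this relies on
            // Spring Security's own filter doing so on the way out.
            SecurityContextHolder.getContext().setAuthentication(authentication);
            ServletRequest wrapped = parameterRequest(request);
            if (wrapped != null) {
                downstream = wrapped;
            }
        }
        filterChain.doFilter(downstream, response);
    }

    /**
     * Decides whether the request must carry a token. Open: the gateway bypass (below),
     * configured static resources, and {@link #ALWAYS_OPEN_PATTERNS}.
     * NOTE(review): patterns are matched against the raw request URI; how RegexUtils treats
     * "..", encoded slashes or a trailing ";jsessionid" is not visible here — confirm the
     * container normalises the URI before it reaches this filter.
     */
    private boolean isNeedToken(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        if (isGatewayNoAuthRequest(httpServletRequest, requestURI)) {
            return false;
        }
        if (StringUtils.isNotBlank(this.staticResources)) {
            for (String pattern : this.staticResources.split(";")) {
                if (RegexUtils.wildcardEquals(pattern, requestURI)) {
                    return false;
                }
            }
        }
        for (String pattern : ALWAYS_OPEN_PATTERNS) {
            if (RegexUtils.wildcardEquals(pattern, requestURI)) {
                return false;
            }
        }
        return true;
    }

    /**
     * The gateway bypass: {@code auth-flag: 0} on a URI under the gateway prefix, with an
     * {@code auth-pwd} header equal to the configured secret. Fails closed when no secret is
     * configured; the comparison is constant-time so the secret cannot be guessed by timing.
     */
    private boolean isGatewayNoAuthRequest(HttpServletRequest request, String requestURI) {
        String authFlag = request.getHeader("auth-flag");
        if (StringUtils.isBlank(authFlag) || !AUTH_FLAG_NO.equals(authFlag)) {
            return false;
        }
        if (!requestURI.startsWith(this.gatewayRequestPrefix)) {
            return false;
        }
        if (StringUtils.isBlank(this.gatewayRequestNoAuthPwd)) {
            return false; // bypass disabled
        }
        String presented = request.getHeader("auth-pwd");
        if (presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                this.gatewayRequestNoAuthPwd.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Wraps the request in a {@link ParameterRequestWrapper} when a current user with a user
     * id can be resolved; null otherwise (the caller then forwards the original request).
     */
    private ServletRequest parameterRequest(HttpServletRequest httpServletRequest) {
        UmcMemInfoBO currentUser = UmcMemInfoHelper.getCurrentUser();
        ParameterRequestWrapper wrapper = null;
        if (currentUser != null && currentUser.getUserId() != null) {
            LOGGER.debug("UmcUserInfoWrapperFilter---自定义包装器：");
            wrapper = new ParameterRequestWrapper(httpServletRequest);
        }
        LOGGER.debug("UmcUserInfoWrapperFilter---requestWrapper：");
        return wrapper;
    }

    /**
     * Whether session creation is allowed on the current thread: false only after this filter
     * authenticated a token on it. Threads the filter never ran on report true (the filter's
     * starting state) instead of throwing an NPE.
     */
    public static boolean isAllowSessionCreation() {
        Boolean allowed = allowSessionCreation.get();
        return allowed == null || allowed.booleanValue();
    }
}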
