package com.sanyth.sso.client.validation;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.reflect.TypeToken;
import com.sanyth.sso.client.bean.ClientDetails;
import com.sanyth.sso.client.bean.UserDetails;
import com.sanyth.sso.client.http.HttpClient;
import com.sanyth.sso.client.http.SytClientHttpServletRequestWrapper;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.Enumeration;
import java.util.Map;
import java.util.Random;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/sanyth/sso/client/validation/AuthenticationFilter.class */
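/**
 * Servlet filter that authenticates requests against a remote SSO server.
 *
 * <p>For each request the filter tries, in this order:
 * <ol>
 *   <li>a {@code syt_ticket} request parameter, validated at the service-validate URI;</li>
 *   <li>an {@code access_token} request parameter or header, resolved at the user-info URI;</li>
 *   <li>the {@code notCheckUrlRegex} exclusion and the session marker {@link #sytAuthUsername};</li>
 *   <li>the authorization-code flow: redirect to the authorization URI, then exchange the
 *       returned {@code code} for an access token.</li>
 * </ol>
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>The {@code state} hooks ({@link #cacheState(String, HttpServletRequest)},
 *       {@link #cacheState(HttpServletRequest)}, {@link #removeState(HttpServletRequest)}) are
 *       no-ops in this class, so the {@code state} comparison in the callback is skipped unless
 *       a subclass persists the value (for example in the HTTP session).</li>
 *   <li>{@code notCheckUrlRegex} is matched against the raw {@code getRequestURI()} value,
 *       which still contains the context path and any path parameters and is not decoded or
 *       normalised; keep the pattern anchored and as narrow as possible.</li>
 *   <li>{@code access_token} is accepted as a request parameter, so it can end up in URLs and
 *       access logs; callers should prefer the header.</li>
 * </ul>
 */
public class AuthenticationFilter implements Filter {
    protected ClientDetails clientDetails;
    // Left non-final because the field is part of the protected surface of this class.
    protected static String POST = "POST";
    // Not referenced anywhere in this class.
    protected static String redirectCallbackUrl = "/sso/client/login";
    // Static: the value written by the most recent initConfiguration() call is shared by every
    // instance of this filter loaded by the same class loader.
    protected static String notCheckUrlRegex;
    protected static final String sytAuthUsername = "_currentUsername";

    private static final SecureRandom STATE_RANDOM = new SecureRandom();
    private static final char[] STATE_ALPHABET =
            "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".toCharArray();
    private static final int STATE_LENGTH = 32;
    // Sent to the browser instead of the exception text of a failed back-channel call.
    private static final String BACKEND_ERROR = "Internal Server Error";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        initConfiguration(filterConfig);
    }

    /**
     * Authenticates the request and, on success, passes it down the chain exactly once.
     *
     * @throws ServletException if the ticket validation endpoint answers with code {@code 00001}
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String ticket = request.getParameter("syt_ticket");
        if (!isEmpty(ticket)) {
            // Stop here: continuing into the token/session logic would run the chain a second
            // time on a response the first pass may already have committed.
            authenticateWithTicket(ticket, filterChain, request, response);
            return;
        }

        String accessToken = request.getParameter("access_token");
        if (isEmpty(accessToken)) {
            accessToken = request.getHeader("access_token");
        }
        if (!isEmpty(accessToken)) {
            getUserByToken(accessToken, filterChain, request, response);
            return;
        }

        String requestUri = request.getRequestURI();
        if (!isEmpty(notCheckUrlRegex) && requestUri.matches(notCheckUrlRegex)) {
            // Excluded path: forwarded without any authentication.
            filterChain.doFilter(request, response);
            return;
        }
        if (checkIsAuthorized(request, response)) {
            filterChain.doFilter(request, response);
            return;
        }

        String code = request.getParameter("code");
        String state = request.getParameter("state");
        if (isEmpty(code)) {
            String newState = randomStateCode();
            cacheState(newState, request);
            response.sendRedirect(this.clientDetails.getUserAuthorizationUri() + "?" + ("client_id=" + this.clientDetails.getClientId() + "&response_type=code&state=" + newState));
            return;
        }
        completeAuthorizationCodeLogin(code, state, filterChain, request, response);
    }

    /**
     * Validates a {@code syt_ticket} at the service-validate URI and continues the chain as the
     * returned user.
     */
    private void authenticateWithTicket(String ticket, FilterChain filterChain, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        String validationJson;
        try {
            validationJson = HttpClient.createRequest(this.clientDetails.getServiceValidateUri(), POST, "syt_ticket=" + formEncode(ticket));
        } catch (Exception e) {
            e.printStackTrace();
            out(response, 500, BACKEND_ERROR);
            return;
        }
        if (isEmpty(validationJson)) {
            out(response, 401, "Unauthorized");
            return;
        }
        JsonElement parsed = new JsonParser().parse(validationJson);
        if (parsed == null || !parsed.isJsonObject()) {
            out(response, 401, "Unauthorized");
            return;
        }
        JsonObject result = parsed.getAsJsonObject();
        JsonElement codeElement = result.get("code");
        JsonElement infoElement = result.get("info");
        if (codeElement != null && codeElement.isJsonPrimitive() && "00001".equals(codeElement.getAsString())) {
            String reason = infoElement != null && infoElement.isJsonPrimitive() ? infoElement.getAsString() : String.valueOf(infoElement);
            throw new ServletException(reason);
        }
        if (infoElement == null || !infoElement.isJsonObject()) {
            out(response, 401, "Unauthorized");
            return;
        }
        UserDetails userDetails = new Gson().fromJson(infoElement, UserDetails.class);
        if (userDetails == null || isEmpty(userDetails.getUsername())) {
            // Fail closed: never forward the request when no user came back.
            out(response, 401, "Unauthorized");
            return;
        }
        authorizedSuccess(userDetails, request, response);
        filterChain.doFilter(newRequestWrapper(request, userDetails.getName()), response);
    }

    /**
     * Handles the authorization-code callback: compares {@code state} with the cached value
     * (when one is cached), exchanges {@code code} for an access token and resolves the user.
     */
    private void completeAuthorizationCodeLogin(String code, String state, FilterChain filterChain, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        String expectedState = cacheState(request);
        // NOTE(review): when nothing is cached the comparison is skipped. With the no-op hooks
        // of this class that is always the case, which leaves the callback without login-CSRF
        // protection. Subclasses should persist the state; consider rejecting the callback
        // when no state is cached once every integrator does so.
        if (!isEmpty(expectedState)) {
            if (isEmpty(state) || !expectedState.equals(state)) {
                out(response, 401, "Unauthorized");
                return;
            }
            removeState(request);
        }

        String tokenJson;
        try {
            // client_id / client_secret come from the filter configuration and are sent as
            // configured; only the request-supplied code is encoded here.
            tokenJson = HttpClient.createRequest(this.clientDetails.getAccessTokenUri(), POST, "grant_type=authorization_code&client_id=" + this.clientDetails.getClientId() + "&client_secret=" + this.clientDetails.getClientSecret() + "&code=" + formEncode(code));
        } catch (Exception e) {
            e.printStackTrace();
            out(response, 500, BACKEND_ERROR);
            // Return so a second body is not written to the already closed response.
            return;
        }
        if (isEmpty(tokenJson)) {
            out(response, 500, "未获取到access_token信息");
            return;
        }
        Gson gson = new GsonBuilder().create();
        Map<String, String> tokenResponse = gson.fromJson(tokenJson, new TypeToken<Map<String, String>>() {
        }.getType());
        String accessToken = tokenResponse == null ? null : tokenResponse.get("access_token");
        if (isEmpty(accessToken)) {
            // An answer without a token must not be turned into a user-info lookup.
            out(response, 500, "未获取到access_token信息");
            return;
        }
        getUserByToken(accessToken, filterChain, request, response);
    }

    /**
     * Resolves the user behind an access token at the user-info URI and, if a user with a
     * username comes back, marks the session as authorized and continues the chain.
     *
     * @param str the access token; it may originate directly from the request
     */
    protected void getUserByToken(String str, FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (isEmpty(str)) {
            out(httpServletResponse, 401, "Unauthorized");
            return;
        }
        String userJson;
        try {
            userJson = HttpClient.createRequest(this.clientDetails.getUserInfoUri(), POST, "access_token=" + formEncode(str));
        } catch (Exception e) {
            e.printStackTrace();
            out(httpServletResponse, 500, BACKEND_ERROR);
            return;
        }
        UserDetails userDetails = new Gson().fromJson(userJson, UserDetails.class);
        if (userDetails == null || isEmpty(userDetails.getUsername())) {
            // An empty answer or a JSON body without a username (e.g. an error object) must
            // not let the request through: reject instead of forwarding it down the chain.
            out(httpServletResponse, 401, "Unauthorized");
            return;
        }
        authorizedSuccess(userDetails, httpServletRequest, httpServletResponse);
        filterChain.doFilter(newRequestWrapper(httpServletRequest, userDetails.getName()), httpServletResponse);
    }

    private SytClientHttpServletRequestWrapper newRequestWrapper(HttpServletRequest httpServletRequest, String str) {
        return new SytClientHttpServletRequestWrapper(httpServletRequest, str);
    }

    /**
     * Reports whether the session already carries the {@link #sytAuthUsername} marker.
     * Calls {@code getSession()}, which creates a session when none exists.
     */
    protected boolean checkIsAuthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        return httpServletRequest.getSession().getAttribute(sytAuthUsername) != null;
    }

    /**
     * Stores the username in the session under {@link #sytAuthUsername}.
     *
     * <p>NOTE(review): the session id is kept as it was before login. Rotating it at this point
     * (for example {@code HttpServletRequest.changeSessionId()} on Servlet 3.1+) would protect
     * against session fixation; not done here because the Servlet API level is not visible.
     */
    protected void authorizedSuccess(UserDetails userDetails, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletRequest.getSession().setAttribute(sytAuthUsername, userDetails.getUsername());
    }

    /** Extension hook; empty here and not invoked by this class. */
    protected void authorizedFailed(Exception exc, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
    }

    /**
     * Extension hook that should remember the {@code state} value sent with the authorization
     * redirect. Empty here: nothing is stored unless a subclass overrides it.
     */
    protected void cacheState(String str, HttpServletRequest httpServletRequest) throws ServletException, IOException {
    }

    /**
     * Extension hook that should return the {@code state} value remembered for this request.
     * Returns {@code null} here, which makes the callback skip the state comparison.
     */
    protected String cacheState(HttpServletRequest httpServletRequest) throws ServletException, IOException {
        return null;
    }

    /** Extension hook that should discard the remembered {@code state} value. Empty here. */
    protected void removeState(HttpServletRequest httpServletRequest) throws ServletException, IOException {
    }

    @Override
    public void destroy() {
    }

    /**
     * Writes a small JSON error body ({@code code}, {@code info}) with the given HTTP status
     * and closes the response writer.
     *
     * @param i   HTTP status, also echoed as the string value of {@code code}
     * @param str text for {@code info}
     */
    protected void out(HttpServletResponse httpServletResponse, int i, String str) throws IOException {
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        httpServletResponse.setContentType("text/json;charset=UTF-8");
        httpServletResponse.setStatus(i);
        // Build the body with Gson so quotes, backslashes and control characters in the
        // message are escaped instead of breaking out of the JSON string.
        JsonObject body = new JsonObject();
        body.addProperty("code", String.valueOf(i));
        body.addProperty("info", str);
        PrintWriter writer = httpServletResponse.getWriter();
        writer.print(body.toString());
        writer.flush();
        writer.close();
    }

    /**
     * Generates the {@code state} value for the authorization redirect: a fixed-length
     * alphanumeric string drawn from a {@link SecureRandom}, so it is never empty and cannot
     * be predicted the way a value from a non-cryptographic generator can.
     */
    protected String randomStateCode() {
        StringBuilder sb = new StringBuilder(STATE_LENGTH);
        for (int i = 0; i < STATE_LENGTH; i++) {
            sb.append(STATE_ALPHABET[STATE_RANDOM.nextInt(STATE_ALPHABET.length)]);
        }
        return sb.toString();
    }

    /**
     * Returns the bearer token from the {@code Authorization} header or, failing that, from the
     * {@code access_token} parameter. Not used by {@link #doFilter} in this class.
     */
    protected String extractToken(HttpServletRequest httpServletRequest) {
        String token = extractHeaderToken(httpServletRequest);
        if (token != null) {
            return token;
        }
        token = httpServletRequest.getParameter("access_token");
        if (token != null) {
            httpServletRequest.setAttribute("OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE", "Bearer");
        }
        return token;
    }

    /**
     * Returns the value of the first {@code Authorization} header that starts with
     * {@code Bearer} (compared case-insensitively), cut at the first comma, or {@code null}
     * when no such header is present.
     */
    protected String extractHeaderToken(HttpServletRequest httpServletRequest) {
        Enumeration<?> headers = httpServletRequest.getHeaders("Authorization");
        if (headers == null) {
            // The Servlet API allows a container to return null when header access is denied.
            return null;
        }
        final int prefixLength = "Bearer".length();
        while (headers.hasMoreElements()) {
            String header = (String) headers.nextElement();
            if (!header.toLowerCase().startsWith("Bearer".toLowerCase())) {
                continue;
            }
            String token = header.substring(prefixLength).trim();
            httpServletRequest.setAttribute("OAuth2AuthenticationDetails.ACCESS_TOKEN_TYPE", header.substring(0, prefixLength).trim());
            int comma = token.indexOf(',');
            if (comma > 0) {
                token = token.substring(0, comma);
            }
            return token;
        }
        return null;
    }

    /** Strips every trailing {@code /} from the given string. */
    private static String replacePostfix(String str) {
        int end = str.length();
        while (end > 0 && str.charAt(end - 1) == '/') {
            end--;
        }
        return str.substring(0, end);
    }

    /**
     * Percent-encodes a request-supplied value before it is placed into a form body, so that
     * characters such as {@code &} or {@code =} cannot add or override parameters of the
     * back-channel request. Assumes {@code HttpClient.createRequest} sends the string as a
     * form-encoded body; confirm against that class.
     */
    private static String formEncode(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform is required to support.
            throw new IllegalStateException(e);
        }
    }

    /**
     * Reads {@code clientId}, {@code clientSecret}, {@code serverName} and
     * {@code notCheckUrlRegex} from the filter configuration and derives the endpoint URIs.
     *
     * <p>NOTE(review): the client secret, authorization codes and tokens are posted to URIs
     * built from {@code serverName}; it should be an {@code https://} origin. The scheme is
     * not checked here.
     *
     * @throws ServletException if {@code clientId}, {@code clientSecret} or {@code serverName}
     *         is missing or empty
     */
    public void initConfiguration(FilterConfig filterConfig) throws ServletException {
        this.clientDetails = new ClientDetails();
        this.clientDetails.setClientId(filterConfig.getInitParameter("clientId"));
        this.clientDetails.setClientSecret(filterConfig.getInitParameter("clientSecret"));
        String serverName = filterConfig.getInitParameter("serverName");
        if (isEmpty(this.clientDetails.getClientId())) {
            throw new ServletException("clientId is required.");
        }
        if (isEmpty(this.clientDetails.getClientSecret())) {
            throw new ServletException("clientSecret is required.");
        }
        if (isEmpty(serverName)) {
            throw new ServletException("serverName is required.");
        }
        String baseUri = replacePostfix(serverName);
        this.clientDetails.setAccessTokenUri(baseUri + "/oauth/token");
        this.clientDetails.setUserAuthorizationUri(baseUri + "/oauth/authorize");
        this.clientDetails.setUserInfoUri(baseUri + "/user/me");
        this.clientDetails.setServiceValidateUri(baseUri + "/serviceValidate");
        notCheckUrlRegex = filterConfig.getInitParameter("notCheckUrlRegex");
    }

    /** Returns {@code true} for {@code null} and for the empty string. */
    protected static boolean isEmpty(Object obj) {
        return obj == null || "".equals(obj);
    }
}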
