package com.supwisdom.institute.cas.site.drcom.ip.web.flow;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.institute.cas.site.account.Account;
import com.supwisdom.institute.cas.site.account.service.AccountService;
import com.supwisdom.institute.cas.site.config.ConfigUtil;
import com.supwisdom.institute.cas.site.drcom.ip.authentication.DrcomIPCredential;
import com.supwisdom.institute.cas.site.drcom.ip.utils.DrcomUtils;
import com.supwisdom.institute.cas.site.qr.code.QrCode;
import com.supwisdom.institute.cas.site.web.flow.actions.CasServerIdentityCookieAction;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.web.flow.actions.AbstractAuthenticationAction;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.inspektr.common.web.ClientInfo;
import org.apereo.inspektr.common.web.ClientInfoHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:com/supwisdom/institute/cas/site/drcom/ip/web/flow/DrcomIPAuthenticationAction.class */
public class DrcomIPAuthenticationAction extends AbstractAuthenticationAction {
    private static final Logger log = LoggerFactory.getLogger(DrcomIPAuthenticationAction.class);

    @Value("${drcom.ip.server.url:}")
    private String serverUrl;

    @Value("${drcom.ip.iusername:}")
    private String iusername;

    @Value("${drcom.ip.sign.key:}")
    private String signKey;

    @Autowired
    private AccountService accountService;
    private final CentralAuthenticationService centralAuthenticationService;
    private final ServicesManager servicesManager;

    public DrcomIPAuthenticationAction(CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, CasWebflowEventResolver casWebflowEventResolver, AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, ServicesManager servicesManager, CentralAuthenticationService centralAuthenticationService) {
        super(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy);
        this.servicesManager = servicesManager;
        this.centralAuthenticationService = centralAuthenticationService;
    }

    protected Event doExecute(RequestContext requestContext) {
        Boolean valueOf = Boolean.valueOf(ConfigUtil.instance().getConfigValue("drcom.ip.login.enabled", false));
        requestContext.getFlowScope().put("drcomIPLoginEnabled", valueOf);
        requestContext.getFlowScope().put("drcomIPLoginInfo", ConfigUtil.instance().getConfigValue("drcom.ip.login.info", "校园网"));
        if (!valueOf.booleanValue()) {
            return error();
        }
        ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
        if (clientInfo == null || StringUtils.isBlank(clientInfo.getClientIpAddress())) {
            log.warn("DrcomIPAuthenticationAction, clientInfo is null or blank");
            requestContext.getFlowScope().put("drcomIPSuccess", false);
            return error();
        }
        String clientIpAddress = clientInfo != null ? clientInfo.getClientIpAddress() : "unknown.ip";
        String configValue = ConfigUtil.instance().getConfigValue("drcom.ip.login.iprange", (String) null);
        if (StringUtils.isNotBlank(configValue)) {
            boolean z = false;
            String[] split = configValue.split(",");
            int length = split.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                String str = split[i];
                if (StringUtils.isNotBlank(str) && isInRange(clientIpAddress, str.trim())) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                log.warn("DrcomIPAuthenticationAction, ip [{}] is not in range [{}]", clientIpAddress, configValue);
                requestContext.getFlowScope().put("drcomIPSuccess", false);
                return error();
            }
        }
        String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        if (StringUtils.isNotBlank(ticketGrantingTicketId)) {
            try {
                TicketGrantingTicket ticket = this.centralAuthenticationService.getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
                if (ticket != null && !ticket.isExpired()) {
                    return error();
                }
            } catch (Exception e) {
                return error();
            }
        }
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        WebApplicationService service = WebUtils.getService(requestContext);
        String parameter = httpServletRequestFromExternalWebflowContext.getParameter("drcomUsername");
        Boolean bool = requestContext.getFlowScope().getBoolean("drcomIPSuccess", (Boolean) null);
        String string = requestContext.getFlowScope().getString("drcomIP", (String) null);
        String string2 = requestContext.getFlowScope().getString("drcomAccount", (String) null);
        if (bool == null && StringUtils.isBlank(parameter)) {
            JSONObject queryAccountByIp = DrcomUtils.queryAccountByIp(ConfigUtil.instance().getConfigValue("drcom.ip.server.url", this.serverUrl), ConfigUtil.instance().getConfigValue("drcom.ip.iusername", this.iusername), ConfigUtil.instance().getConfigValue("drcom.ip.sign.key", this.signKey), "S14", clientIpAddress, QrCode.QR_CODE_STATUS_CREATED, QrCode.QR_CODE_STATUS_CREATED, ConfigUtil.instance().getConfigValue("drcom.ip.demo.account", ""));
            if (queryAccountByIp == null) {
                log.warn("DrcomIPAuthenticationAction, drcomAccountInfo is null");
                requestContext.getFlowScope().put("drcomIPSuccess", false);
                return error();
            }
            String string3 = queryAccountByIp.getString("account");
            requestContext.getFlowScope().put("drcomIPSuccess", true);
            requestContext.getFlowScope().put("drcomIP", clientIpAddress);
            requestContext.getFlowScope().put("drcomAccount", string3);
            return error();
        }
        if (!bool.booleanValue() || parameter == null || !parameter.equals(string2)) {
            requestContext.getFlowScope().remove("drcomIPSuccess");
            requestContext.getFlowScope().remove("drcomIP");
            requestContext.getFlowScope().remove("drcomAccount");
            return error();
        }
        Account loadAccountByUsername = this.accountService.loadAccountByUsername(string2);
        DrcomIPCredential drcomIPCredential = new DrcomIPCredential(string, string2, service);
        drcomIPCredential.setAccount(loadAccountByUsername);
        WebUtils.putCredential(requestContext, drcomIPCredential);
        requestContext.getFlowScope().remove("drcomIPSuccess");
        requestContext.getFlowScope().remove("drcomIP");
        requestContext.getFlowScope().remove("drcomAccount");
        return super.doExecute(requestContext);
    }

    private boolean isInRange(String str, String str2) {
        String[] split = str.split("\\.");
        int parseInt = (Integer.parseInt(split[0]) << 24) | (Integer.parseInt(split[1]) << 16) | (Integer.parseInt(split[2]) << 8) | Integer.parseInt(split[3]);
        int i = 32;
        if (str2.indexOf(CasServerIdentityCookieAction.DEFAULT_COOKIE_PATH) > 0) {
            i = Integer.parseInt(str2.replaceAll(".*/", ""));
        }
        int i2 = (-1) << (32 - i);
        String[] split2 = str2.replaceAll("/.*", "").split("\\.");
        return (parseInt & i2) == (((((Integer.parseInt(split2[0]) << 24) | (Integer.parseInt(split2[1]) << 16)) | (Integer.parseInt(split2[2]) << 8)) | Integer.parseInt(split2[3])) & i2);
    }
}
