package com.aistarfish.ucenter.sso.client.shiro.filter;

import com.aistarfish.ucenter.sso.client.biz.RedisClient;
import com.aistarfish.ucenter.sso.client.util.MatchUtil;
import com.aistarfish.ucenter.sso.client.util.RequestParameterUtil;
import com.aistarfish.ucenter.sso.facade.enums.SsoClientTypeEnum;
import com.alibaba.fastjson.JSONObject;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpResponse;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:com/aistarfish/ucenter/sso/client/shiro/filter/SSOAuthenticationFilter.class */
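/**
 * Shiro authentication filter that gates requests behind a central SSO server.
 *
 * <p>Two modes are selected by {@code ssoClientType}: in SERVER mode the filter only
 * checks {@link Subject#isAuthenticated()} and otherwise redirects to the SSO login page;
 * in CLIENT mode it keeps a Redis registration of the local session against the SSO code
 * it was established with, and exchanges a freshly received {@code sso_code} request
 * parameter with the SSO server before logging the local subject in.
 *
 * <p>Paths matching any comma-separated pattern in {@code ssoAnonUrl} bypass the filter.
 */
public class SSOAuthenticationFilter extends AuthenticationFilter {
    private static final Logger log = LogManager.getLogger(SSOAuthenticationFilter.class);

    /** Session attribute under which the configured client type is published. */
    private static final String SESSION_ATTR_CLIENT_TYPE = "sso.client.type";
    /** Request parameter carrying the one-time code issued by the SSO server. */
    private static final String PARAM_SSO_CODE = "sso_code";
    /** Request parameter naming the principal the local subject is logged in as. */
    private static final String PARAM_SSO_USERNAME = "sso_username";
    /** JSON field of the server reply holding the status code; {@link #SERVER_REPLY_OK} means accepted. */
    private static final String FIELD_REPLY_CODE = "sso_code";
    /** JSON field of the server reply that echoes the validated code (or a message on rejection). */
    private static final String FIELD_REPLY_DATA = "data";
    private static final int SERVER_REPLY_OK = 1;
    /** Redis key prefix: local session id -> SSO code it was registered with. */
    private static final String KEY_SESSION_ID = "ucenter-client-session-id_";
    /** Redis key prefix: SSO code -> set of local session ids registered under it. */
    private static final String KEY_SESSION_IDS = "ucenter-client-session-ids_";

    private final String ssoClientType;
    private final String ssoServerUrl;
    private final RedisClient redisClient;
    private final String ssoAnonUrl;

    /**
     * @param ssoClientType one of {@link SsoClientTypeEnum} type strings (CLIENT or SERVER)
     * @param ssoServerUrl  base URL of the SSO server, without trailing slash
     * @param redisClient   store for the session/code registrations (CLIENT mode only)
     * @param ssoAnonUrl    comma-separated path patterns that bypass authentication; may be blank
     */
    public SSOAuthenticationFilter(String ssoClientType, String ssoServerUrl, RedisClient redisClient, String ssoAnonUrl) {
        this.ssoClientType = ssoClientType;
        this.ssoServerUrl = ssoServerUrl;
        this.redisClient = redisClient;
        this.ssoAnonUrl = ssoAnonUrl;
    }

    /**
     * Allows anonymous paths outright; otherwise publishes the client type on the session and
     * defers to the mode-specific check. An unrecognised (or null) client type denies access
     * instead of throwing.
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object mappedValue) {
        if (containAnon(WebUtils.toHttp(servletRequest).getServletPath())) {
            return true;
        }
        Subject subject = getSubject(servletRequest, servletResponse);
        subject.getSession().setAttribute(SESSION_ATTR_CLIENT_TYPE, this.ssoClientType);
        // enum-side equals() keeps a null ssoClientType from throwing
        if (SsoClientTypeEnum.CLIENT.getType().equals(this.ssoClientType)) {
            return validateClient(servletRequest, servletResponse);
        }
        if (SsoClientTypeEnum.SERVER.getType().equals(this.ssoClientType)) {
            return subject.isAuthenticated();
        }
        return false;
    }

    /**
     * Returns whether {@code servletPath} matches any non-blank pattern in {@code ssoAnonUrl}.
     * Patterns are not trimmed, so {@code "a, b"} yields the pattern {@code " b"}; a null or
     * blank configuration bypasses nothing.
     */
    private boolean containAnon(String servletPath) {
        if (StringUtils.isBlank(this.ssoAnonUrl)) {
            return false;
        }
        for (String pattern : this.ssoAnonUrl.split(",")) {
            if (StringUtils.isNotBlank(pattern) && MatchUtil.match(pattern, servletPath)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Redirects to the SSO login page. In CLIENT mode the current request URL (including its
     * query string) is passed along as {@code backUrl} so the user can be returned here.
     *
     * @return always {@code false}; the response has been redirected
     * @throws Exception from the servlet redirect or URL encoding
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        StringBuilder target = new StringBuilder(this.ssoServerUrl);
        if (SsoClientTypeEnum.SERVER.getType().equals(this.ssoClientType)) {
            WebUtils.toHttp(servletResponse).sendRedirect(target.append("/sso/login/#/login").toString());
            return false;
        }
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        StringBuffer backUrl = http.getRequestURL();
        String queryString = http.getQueryString();
        if (StringUtils.isNotBlank(queryString)) {
            backUrl.append("?").append(queryString);
        }
        target.append("/sso/login/#/").append("?")
              .append("backUrl").append("=")
              .append(URLEncoder.encode(backUrl.toString(), StandardCharsets.UTF_8.name()));
        WebUtils.toHttp(servletResponse).sendRedirect(target.toString());
        return false;
    }

    /**
     * CLIENT-mode access check.
     *
     * <p>If the local session is already registered in Redis, its registration is refreshed and
     * access is granted; a leftover {@code sso_code} parameter is stripped by redirecting to the
     * same URL without it. Otherwise a present {@code sso_code} is exchanged with the SSO server
     * (see {@link #exchangeCode}); with no code at all access is denied.
     *
     * @return {@code true} when the request may proceed (or has been redirected after a
     *         successful check), {@code false} to trigger {@link #onAccessDenied}
     */
    private boolean validateClient(ServletRequest servletRequest, ServletResponse servletResponse) {
        Subject subject = getSubject(servletRequest, servletResponse);
        Session session = subject.getSession();
        String sessionId = session.getId().toString();
        // Shiro timeouts are milliseconds; divide before narrowing so large timeouts do not overflow.
        // NOTE(review): a never-expire timeout (-1) becomes 0 here — confirm what RedisClient does with 0.
        int timeoutSeconds = (int) (session.getTimeout() / 1000L);
        String ssoCode = servletRequest.getParameter(PARAM_SSO_CODE);

        // NOTE(review): this writes the session identifier to the log at INFO level.
        log.info("validateClient read ucenter-client-session-id={}", session.getId());
        String registeredCode = this.redisClient.get(KEY_SESSION_ID + sessionId);
        if (StringUtils.isNotBlank(registeredCode)) {
            // keep both sides of the registration alive for another session lifetime
            this.redisClient.set(KEY_SESSION_ID + sessionId, registeredCode, timeoutSeconds);
            this.redisClient.expireTime(KEY_SESSION_IDS + registeredCode, timeoutSeconds);
            if (StringUtils.isBlank(ssoCode)) {
                return true;
            }
            try {
                WebUtils.toHttp(servletResponse).sendRedirect(
                        RequestParameterUtil.getParameterWithOutCode(WebUtils.toHttp(servletRequest)));
                // The response is now committed: stop here rather than exchange the code again,
                // which would attempt a second redirect on a committed response.
                return true;
            } catch (IOException e) {
                log.error("局部会话已登录，移除code参数跳转出错：", e);
            }
        }
        if (StringUtils.isBlank(ssoCode)) {
            return false;
        }
        return exchangeCode(subject, servletRequest, servletResponse, sessionId, ssoCode, timeoutSeconds);
    }

    /**
     * Posts {@code ssoCode} to {@code <ssoServerUrl>/sso/code}; on a {@code 200} reply whose status
     * field is {@link #SERVER_REPLY_OK} and whose {@code data} echoes the code, registers the local
     * session in Redis, logs the subject in and redirects to the current URL minus the code.
     *
     * @return {@code true} only after a successful login and redirect; {@code false} on any
     *         rejection or I/O failure (already logged)
     */
    private boolean exchangeCode(Subject subject, ServletRequest servletRequest, ServletResponse servletResponse,
                                 String sessionId, String ssoCode, int timeoutSeconds) {
        DefaultHttpClient httpClient = new DefaultHttpClient();
        try {
            HttpPost post = new HttpPost(this.ssoServerUrl + "/sso/code");
            List<BasicNameValuePair> form = new ArrayList<>();
            form.add(new BasicNameValuePair(PARAM_SSO_CODE, ssoCode));
            post.setEntity(new UrlEncodedFormEntity(form));
            HttpResponse response = httpClient.execute(post);
            if (response.getStatusLine().getStatusCode() != 200) {
                return false;
            }
            JSONObject reply = JSONObject.parseObject(EntityUtils.toString(response.getEntity()));
            String echoedCode = reply.getString(FIELD_REPLY_DATA);
            // compare with ssoCode on the left: it is known non-blank, the reply field may be absent
            if (SERVER_REPLY_OK != reply.getIntValue(FIELD_REPLY_CODE) || !ssoCode.equals(echoedCode)) {
                log.warn(echoedCode);
                return false;
            }
            this.redisClient.set(KEY_SESSION_ID + sessionId, ssoCode, timeoutSeconds);
            this.redisClient.sadd(KEY_SESSION_IDS + ssoCode, sessionId, timeoutSeconds);
            log.debug("当前code={}，对应的注册系统个数：{}个", ssoCode, this.redisClient.sSize(KEY_SESSION_IDS + ssoCode));
            String redirectTarget = RequestParameterUtil.getParameterWithOutCode(WebUtils.toHttp(servletRequest));
            try {
                // NOTE(review): the principal comes from the request's sso_username parameter, not from the
                // server reply — the exchange above only confirms the code itself. Confirm the realm behind
                // subject.login() ties this username to the validated code; an AuthenticationException from
                // login() is unchecked and propagates out of the filter.
                subject.login(new UsernamePasswordToken(servletRequest.getParameter(PARAM_SSO_USERNAME), ""));
                WebUtils.toHttp(servletResponse).sendRedirect(redirectTarget);
                return true;
            } catch (IOException e) {
                log.error("已拿到code，移除code参数跳转出错：", e);
                return false;
            }
        } catch (IOException e) {
            log.error("验证token失败：", e);
            return false;
        } finally {
            // release the connection pool regardless of outcome (the original leaked it)
            httpClient.getConnectionManager().shutdown();
        }
    }
}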
