package com.aistarfish.ucenter.sso.client.shiro.filter;

import com.aistarfish.ucenter.sso.client.biz.RedisClient;
import com.aistarfish.ucenter.sso.client.util.MatchUtil;
import com.aistarfish.ucenter.sso.client.util.RequestParameterUtil;
import com.aistarfish.ucenter.sso.facade.enums.SsoClientTypeEnum;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.Charsets;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.util.CollectionUtils;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

/* loaded from: input_file:com/aistarfish/ucenter/sso/client/shiro/filter/SSOAuthenticationFilter.class */
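public class SSOAuthenticationFilter extends AuthenticationFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSOAuthenticationFilter.class);

    /** Session attribute that publishes the configured client type to the Shiro session. */
    private static final String SESSION_ATTR_CLIENT_TYPE = "sso.client.type";
    /** Redis key prefix: local (client) session id -> value written by the SSO handshake. */
    private static final String CLIENT_SESSION_KEY_PREFIX = "ucenter-client-session-id_";
    /** Redis key prefix whose TTL is refreshed together with the client session entry. */
    private static final String CLIENT_SESSION_IDS_KEY_PREFIX = "ucenter-client-session-ids_";
    /** Body written for unauthenticated API (non-@Controller) requests; parsed by front-end code, keep verbatim. */
    private static final String DENIED_JSON =
            "{\"code\":\"00100\",\"desc\":\"登录超时，请刷新重试\",\"success\":false}";

    private final String ssoClientType;
    private final String ssoServerUrl;
    private final RedisClient redisClient;
    /** Comma-separated servlet-path patterns that bypass authentication. */
    private final String ssoAnonUrl;
    /**
     * Lazily built set of URL patterns served by {@code @Controller} beans.
     * Volatile so the double-checked initialisation in {@link #isControllerUrl} publishes safely;
     * only a fully populated set is ever assigned here.
     */
    private volatile Set<String> controllerUri;

    /**
     * Creates the filter.
     *
     * @param str         SSO client type; compared against {@link SsoClientTypeEnum} values
     * @param str2        base URL of the SSO server, used to build the login redirect
     * @param redisClient store holding the client-session to SSO-session linkage
     * @param str3        comma-separated anonymous URL patterns (servlet path), may be empty
     */
    public SSOAuthenticationFilter(String str, String str2, RedisClient redisClient, String str3) {
        this.ssoClientType = str;
        this.ssoServerUrl = str2;
        this.redisClient = redisClient;
        this.ssoAnonUrl = str3;
    }

    /**
     * Grants access to anonymous patterns, otherwise delegates to the client- or server-side check.
     * Any unrecognised client type denies access.
     *
     * @return {@code true} when the request may proceed without going through {@link #onAccessDenied}
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        HttpServletRequest request = WebUtils.toHttp(servletRequest);
        if (containAnon(request.getServletPath())) {
            return true;
        }
        Subject subject = getSubject(servletRequest, servletResponse);
        subject.getSession().setAttribute(SESSION_ATTR_CLIENT_TYPE, this.ssoClientType);
        if (this.ssoClientType.equals(SsoClientTypeEnum.CLIENT.getType())) {
            return validateClient(servletRequest, servletResponse);
        }
        if (this.ssoClientType.equals(SsoClientTypeEnum.SERVER.getType())) {
            return subject.isAuthenticated();
        }
        // Unknown client type: deny rather than fall through to an undefined mode.
        return false;
    }

    /**
     * Returns whether the servlet path matches one of the configured anonymous patterns.
     * Blank entries (e.g. from a trailing comma) are skipped; matching semantics are those of {@link MatchUtil#match}.
     */
    private boolean containAnon(String servletPath) {
        for (String pattern : this.ssoAnonUrl.split(",")) {
            if (StringUtils.isNotBlank(pattern) && MatchUtil.match(pattern, servletPath)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Handles a denied request: API-style URLs get a JSON body, page URLs are redirected to the SSO
     * login (client mode) or to {@code /} (any other mode).
     *
     * @return always {@code false}; the response has been committed by this method
     * @throws Exception on I/O failure while redirecting or encoding
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = WebUtils.toHttp(servletRequest);
        HttpServletResponse response = WebUtils.toHttp(servletResponse);
        if (!isControllerUrl(request)) {
            out(response);
            return false;
        }
        if (!this.ssoClientType.equals(SsoClientTypeEnum.CLIENT.getType())) {
            response.sendRedirect("/");
            return false;
        }
        // backUrl is reconstructed from the incoming request (scheme/host from the Host header plus
        // path and query); the SSO server is expected to validate it before redirecting back.
        StringBuffer backUrl = request.getRequestURL();
        String queryString = request.getQueryString();
        if (StringUtils.isNotBlank(queryString)) {
            backUrl.append("?").append(queryString);
        }
        StringBuilder loginUrl = new StringBuilder(this.ssoServerUrl)
                .append("/sso/login").append("?")
                .append("backUrl").append("=")
                .append(URLEncoder.encode(backUrl.toString(), Charsets.UTF_8.name()));
        String accessInWechatFlag = getAccessInWechatFlag(request);
        if (StringUtils.equals(accessInWechatFlag, "1")) {
            loginUrl.append("&").append("wechatFlag").append("=").append(accessInWechatFlag);
        }
        loginUrl.append("#/");
        response.sendRedirect(loginUrl.toString());
        return false;
    }

    /**
     * Writes the "login timed out" JSON body. Failures are logged, not propagated, because the
     * caller has nothing better to do with a response it can no longer write to.
     * NOTE(review): the HTTP status is left at its default (normally 200); clients must inspect the
     * {@code code} field to detect the unauthenticated state.
     */
    private void out(ServletResponse servletResponse) {
        servletResponse.setCharacterEncoding(Charsets.UTF_8.name());
        servletResponse.setContentType("text/html;charset=utf-8");
        try (PrintWriter writer = servletResponse.getWriter()) {
            writer.println(DENIED_JSON);
            writer.flush();
        } catch (Exception e) {
            // getWriter() may also throw IllegalStateException if the output stream was already used.
            LOGGER.error("response json failed", e);
        }
    }

    /**
     * Returns whether the request URI is served by a bean annotated directly with {@code @Controller}
     * (classes only meta-annotated, such as {@code @RestController}, are not detected by
     * {@code isAnnotationPresent} and therefore receive the JSON response instead of a redirect).
     * The pattern set is built once from the {@link RequestMappingHandlerMapping}; the set is only
     * published after it is complete, so concurrent callers never observe a partially filled set.
     * NOTE(review): the comparison is a literal match of {@code getRequestURI()} against mapping
     * patterns, so path variables, wildcards and a non-root context path will not match — confirm
     * whether that is intended.
     *
     * @return {@code true} if the URI belongs to a controller, or if the web application context is
     *         not yet available (in which case nothing is cached and the lookup is retried later)
     */
    public boolean isControllerUrl(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        Set<String> patterns = this.controllerUri;
        if (patterns == null) {
            synchronized (this) {
                patterns = this.controllerUri;
                if (patterns == null) {
                    WebApplicationContext context =
                            WebApplicationContextUtils.getWebApplicationContext(httpServletRequest.getServletContext());
                    if (context == null) {
                        return true;
                    }
                    patterns = collectControllerPatterns(context);
                    // Publish only the fully built set (volatile write).
                    this.controllerUri = patterns;
                }
            }
        }
        return patterns.contains(requestURI);
    }

    /** Collects the URL patterns of every handler method whose bean class carries {@code @Controller}. */
    private static Set<String> collectControllerPatterns(WebApplicationContext context) {
        Set<String> result = new HashSet<>();
        RequestMappingHandlerMapping mapping = context.getBean(RequestMappingHandlerMapping.class);
        for (Map.Entry<RequestMappingInfo, HandlerMethod> entry : mapping.getHandlerMethods().entrySet()) {
            if (!entry.getValue().getBeanType().isAnnotationPresent(Controller.class)) {
                continue;
            }
            // getPatternsCondition() can be null when the mapping uses parsed PathPatterns.
            if (entry.getKey().getPatternsCondition() != null) {
                result.addAll(entry.getKey().getPatternsCondition().getPatterns());
            }
        }
        return result;
    }

    /**
     * Client-mode check: the local session is valid only if Redis still holds an entry for its id.
     * On success both Redis entries are refreshed to the session timeout, and a request that still
     * carries the one-time {@code sso_code} parameter is redirected to the same URL without it.
     *
     * @return {@code true} if the local session is linked to a live SSO session and no redirect was issued
     */
    private boolean validateClient(ServletRequest servletRequest, ServletResponse servletResponse) {
        Session session = getSubject(servletRequest, servletResponse).getSession();
        String sessionId = session.getId().toString();
        // Shiro reports the timeout in milliseconds; divide before narrowing so large values do not overflow.
        int timeoutSeconds = (int) (session.getTimeout() / 1000);
        // NOTE(review): this logs the session identifier at INFO; consider whether DEBUG is more appropriate.
        LOGGER.info("validateClient read ucenter-client-session-id={}", session.getId());
        // Presumably the SSO-side session identifier written during login — verify against the callback handler.
        String ssoSession = this.redisClient.get(CLIENT_SESSION_KEY_PREFIX + sessionId);
        if (StringUtils.isBlank(ssoSession)) {
            return false;
        }
        this.redisClient.set(CLIENT_SESSION_KEY_PREFIX + sessionId, ssoSession, timeoutSeconds);
        this.redisClient.expireTime(CLIENT_SESSION_IDS_KEY_PREFIX + ssoSession, timeoutSeconds);
        if (StringUtils.isBlank(servletRequest.getParameter("sso_code"))) {
            return true;
        }
        try {
            HttpServletRequest request = WebUtils.toHttp(servletRequest);
            WebUtils.toHttp(servletResponse).sendRedirect(RequestParameterUtil.getParameterWithOutCode(request));
            return false;
        } catch (IOException e) {
            LOGGER.error("局部会话已登录，移除code参数跳转出错：", e);
            return false;
        }
    }

    /**
     * Returns {@code "1"} when the User-Agent indicates WeChat Work ("wxwork"), otherwise {@code "0"}.
     * The raw User-Agent is logged at INFO as in the original implementation.
     */
    private String getAccessInWechatFlag(HttpServletRequest httpServletRequest) {
        String userAgent = httpServletRequest.getHeader("user-agent");
        LOGGER.info("login with wx work, current ua:{}", userAgent);
        return StringUtils.containsIgnoreCase(userAgent, "wxwork") ? "1" : "0";
    }
}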
