package net.risesoft.soa.framework.service.sso.client;

import java.io.IOException;
import java.net.URL;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.risesoft.soa.framework.service.sso.client.addressmapping.AddressMappingStrategy;
import net.risesoft.soa.framework.service.sso.client.addressmapping.ConfigurableAddressMappingStrategy;
import net.risesoft.soa.framework.service.sso.client.addressmapping.internal.DummyAddressMappingStrategy;
import net.risesoft.soa.framework.service.sso.client.addressmapping.internal.InternalAddressMappingStrategy;
import net.risesoft.soa.framework.service.sso.client.addressmapping.internal.ServletAddressMappingStrategy;
import net.risesoft.soa.framework.service.sso.client.addressmapping.internal.util.OsgiUtils;
import net.risesoft.soa.framework.service.sso.client.config.OverrideConfig;
import net.risesoft.soa.framework.service.sso.client.skip.SkipChecker;
import net.risesoft.soa.framework.service.sso.client.skip.impl.CustomUrlSkipChecker;
import net.risesoft.soa.framework.service.sso.client.skip.impl.StaticResourceSkipChecker;
import org.jasig.cas.client.authentication.DefaultGatewayResolverImpl;
import org.jasig.cas.client.authentication.GatewayResolver;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Assertion;

/* loaded from: input_file:net/risesoft/soa/framework/service/sso/client/SSOFilter.class */
public class SSOFilter extends AbstractCasFilter {
    public static final String CONST_SSO_TGT = "_sso_tgt_";
    public static final String CONST_LOGIN_UID = "_login_uid_";
    private static final String TGT_COOKIE_NAME = "CASTGC";
    private static final String TGT_COOKIE_PATH = "/sso";
    private String casServerLoginUrl;
    private boolean renew = false;
    private boolean gateway = false;
    private GatewayResolver gatewayStorage = new DefaultGatewayResolverImpl();
    private SkipChecker[] skipCheckers;
    private AddressMappingStrategy addressMappingStrategy;

    private void initSkipCheckers(FilterConfig filterConfig) {
        this.skipCheckers = new SkipChecker[]{new StaticResourceSkipChecker(), new CustomUrlSkipChecker(filterConfig)};
    }

    private void initAddressMappingStrategy(FilterConfig filterConfig) {
        try {
            String initParameter = filterConfig.getInitParameter("addressMappingStrategyClass");
            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
            if (contextClassLoader != null && initParameter != null) {
                this.addressMappingStrategy = (AddressMappingStrategy) contextClassLoader.loadClass(initParameter).newInstance();
            }
        } catch (Exception e) {
            this.log.warn("加载指定的 addressMappingStrategyClass[" + filterConfig.getInitParameter("addressMappingStrategyClass") + "]出错: " + e.getMessage());
        }
        if (this.addressMappingStrategy == null) {
            String initParameter2 = filterConfig.getInitParameter("addressMappingConfig");
            URL url = null;
            if (initParameter2 != null) {
                try {
                    url = filterConfig.getServletContext().getResource(initParameter2);
                } catch (Exception e2) {
                    this.log.warn("加载指定的 addressMappingConfig[" + initParameter2 + "]出错:", e2);
                }
            }
            if (url != null) {
                this.addressMappingStrategy = new ServletAddressMappingStrategy();
                ((ConfigurableAddressMappingStrategy) this.addressMappingStrategy).setConfigLocation(url);
            }
        }
        if (this.addressMappingStrategy == null) {
            this.addressMappingStrategy = OsgiUtils.inOsgiEnv() ? new InternalAddressMappingStrategy() : new DummyAddressMappingStrategy();
        }
        if (this.addressMappingStrategy instanceof ConfigurableAddressMappingStrategy) {
            ((ConfigurableAddressMappingStrategy) this.addressMappingStrategy).refresh();
        }
    }

    protected void initInternal(FilterConfig filterConfig) throws ServletException {
        initSkipCheckers(filterConfig);
        initAddressMappingStrategy(filterConfig);
        if (isIgnoreInitConfiguration()) {
            return;
        }
        super.initInternal(filterConfig);
        String propertyFromInitParams = getPropertyFromInitParams(filterConfig, "serverName", null);
        String serverName = OverrideConfig.getServerName(null);
        if (serverName != null && !serverName.equals(propertyFromInitParams)) {
            setServerName(serverName);
            this.log.trace("Overriding serverName property from system property: " + serverName);
        }
        String ssoServerLoginUrl = OverrideConfig.getSsoServerLoginUrl(getPropertyFromInitParams(filterConfig, "ssoServerLoginUrl", null));
        setCasServerLoginUrl(ssoServerLoginUrl);
        this.log.trace("Loaded CasServerLoginUrl parameter: " + ssoServerLoginUrl);
        boolean parseBoolean = parseBoolean(getPropertyFromInitParams(filterConfig, "renew", "false"));
        setRenew(parseBoolean);
        this.log.trace("Loaded renew parameter: " + parseBoolean);
        boolean parseBoolean2 = parseBoolean(getPropertyFromInitParams(filterConfig, "gateway", "false"));
        setGateway(parseBoolean2);
        this.log.trace("Loaded gateway parameter: " + parseBoolean2);
        String propertyFromInitParams2 = getPropertyFromInitParams(filterConfig, "gatewayStorageClass", null);
        if (propertyFromInitParams2 != null) {
            try {
                setGatewayStorage((GatewayResolver) Class.forName(propertyFromInitParams2).newInstance());
            } catch (Exception e) {
                this.log.error(e, e);
                throw new ServletException(e);
            }
        }
    }

    public void init() {
        super.init();
        CommonUtils.assertNotNull(this.casServerLoginUrl, "casServerLoginUrl cannot be null.");
    }

    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String str;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpSession session = httpServletRequest.getSession(false);
        Assertion assertion = session != null ? (Assertion) session.getAttribute("_const_cas_assertion_") : null;
        for (SkipChecker skipChecker : this.skipCheckers) {
            if (skipChecker.skip(httpServletRequest)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
        }
        resetAddressMapping(servletRequest);
        if (assertion != null) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String constructServiceUrl = constructServiceUrl(httpServletRequest, httpServletResponse);
        String safeGetParameter = CommonUtils.safeGetParameter(httpServletRequest, getArtifactParameterName());
        boolean hasGatewayedAlready = this.gatewayStorage.hasGatewayedAlready(httpServletRequest, constructServiceUrl);
        if (CommonUtils.isNotBlank(safeGetParameter) || hasGatewayedAlready) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        this.log.debug("no ticket and no assertion found");
        if (this.gateway) {
            this.log.debug("setting gateway attribute in session");
            str = this.gatewayStorage.storeGatewayInformation(httpServletRequest, constructServiceUrl);
        } else {
            str = constructServiceUrl;
        }
        if (str.indexOf(CONST_LOGIN_UID) > 0) {
            int indexOf = str.indexOf(CONST_LOGIN_UID);
            int indexOf2 = str.indexOf(38, indexOf);
            str = indexOf2 < 0 ? str.substring(0, indexOf - 1) : String.valueOf(str.substring(0, indexOf)) + str.substring(indexOf2 + 1, str.length());
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Constructed service url: " + str);
        }
        String constructRedirectUrl = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), str, this.renew, this.gateway);
        saveTGTCookie(httpServletRequest, httpServletResponse);
        String checkLoginUID = checkLoginUID(httpServletRequest, constructRedirectUrl);
        if (this.log.isDebugEnabled()) {
            this.log.debug("redirecting to \"" + checkLoginUID + "\"");
        }
        httpServletResponse.sendRedirect(checkLoginUID);
    }

    private void resetAddressMapping(ServletRequest servletRequest) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        AddressMappingStrategy addressMappingStrategy = this.addressMappingStrategy;
        setServerName(addressMappingStrategy.mappingAppServerAddress(httpServletRequest));
        String mappingSsoLoginAddress = addressMappingStrategy.mappingSsoLoginAddress(httpServletRequest);
        if (mappingSsoLoginAddress == null || mappingSsoLoginAddress.length() <= 0) {
            return;
        }
        setCasServerLoginUrl(String.valueOf(mappingSsoLoginAddress) + "/sso/login");
    }

    private void saveTGTCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String safeGetParameter = CommonUtils.safeGetParameter(httpServletRequest, CONST_SSO_TGT);
        if (safeGetParameter == null || safeGetParameter.trim().length() <= 0) {
            return;
        }
        Cookie cookie = new Cookie(TGT_COOKIE_NAME, safeGetParameter);
        cookie.setPath(TGT_COOKIE_PATH);
        httpServletResponse.addCookie(cookie);
    }

    private String checkLoginUID(HttpServletRequest httpServletRequest, String str) {
        String safeGetParameter = CommonUtils.safeGetParameter(httpServletRequest, CONST_LOGIN_UID);
        if (safeGetParameter == null || safeGetParameter.trim().length() == 0) {
            safeGetParameter = httpServletRequest.getParameter(CONST_LOGIN_UID);
        }
        if (safeGetParameter == null || safeGetParameter.trim().length() == 0) {
            return str;
        }
        return String.valueOf(str) + (String.valueOf(str.indexOf(63) > 0 ? '&' : '?') + CONST_LOGIN_UID + "=" + safeGetParameter);
    }

    public final void setRenew(boolean z) {
        this.renew = z;
    }

    public final void setGateway(boolean z) {
        this.gateway = z;
    }

    public final void setCasServerLoginUrl(String str) {
        this.casServerLoginUrl = str;
    }

    public final void setGatewayStorage(GatewayResolver gatewayResolver) {
        this.gatewayStorage = gatewayResolver;
    }
}
