package com.alibaba.buc.sso.client.filter;

import com.alibaba.buc.sso.client.log.LogClient;
import com.alibaba.buc.sso.client.util.BucSSOClientUtil;
import com.alibaba.buc.sso.client.util.FilterManager;
import com.alibaba.buc.sso.client.util.SimpleUserUtil;
import com.alibaba.buc.sso.client.vo.BucSSOUser;
import com.alibaba.buc.sso.client.vo.HeartBeatSSOToken;
import com.alibaba.platform.buc.sso.common.SSOException;
import com.alibaba.platform.buc.sso.common.constants.BucSSOConstants;
import com.alibaba.platform.buc.sso.common.dto.LogContext;
import com.alibaba.platform.buc.sso.common.dto.TokenUserDTO;
import com.alibaba.platform.buc.sso.common.tool.BucSSOUtil;
import com.alibaba.platform.buc.sso.common.tool.CookieUtil;
import com.alibaba.platform.buc.sso.common.tool.HTTPUtil;
import com.alibaba.platform.buc.sso.common.tool.RegexUtil;
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.validator.routines.InetAddressValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/buc.sso.client-1.1.2.jar:com/alibaba/buc/sso/client/filter/SSOFilter.class */
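/**
 * Servlet filter that gates requests behind BUC SSO.
 *
 * <p>For each request the filter decides, in order, whether to: let it through unauthenticated
 * (excluded HTTP method, callback-ignored request, excluded URI pattern), consume an SSO ticket
 * or token hand-off, log the user out, switch language, or verify the current user and refresh
 * the heartbeat token. Requests that fail verification are redirected to SSO.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Exclusion decisions are made on {@code getRequestURI()} with substring / pattern matching,
 *       so the configured exclusions define the unauthenticated surface of the application.</li>
 *   <li>The token hand-off endpoint only redirects to a back URL whose host equals the host of
 *       the current request URL.</li>
 *   <li>The SSO token is a login credential (it is passed to {@code handleSSOLogin} and
 *       {@code renewToken}); it must never be written to logs.</li>
 * </ul>
 */
public class SSOFilter implements Filter {
    protected static final Logger log = LoggerFactory.getLogger(SSOFilter.class);
    // Optional parameters injected through setInitParams(); handed to FilterManager.init() in init().
    private Map<String, String> initParams;

    /**
     * Shuts down the log client when the container removes the filter.
     */
    @Override // javax.servlet.Filter
    public void destroy() {
        LogClient.shutdown();
        if (log.isWarnEnabled()) {
            log.warn("destroy filter");
        }
    }

    /**
     * Applies the SSO decision chain to one request.
     *
     * <p>Every exit path records an access-log entry via {@link #log(HttpServletRequest, long)} and
     * calls {@code SimpleUserUtil.removeLocalBucSSOUser()}; the trailing {@code catch (Throwable)}
     * does the same for exceptional exits before rethrowing. The repetition reads like a decompiled
     * {@code try/finally}; the statement order is kept as-is.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest} without a type check
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse} without a type check
     * @param filterChain     remaining chain, invoked only on the pass-through paths
     * @throws IOException      propagated from the chain, redirects or token decoding
     * @throws ServletException propagated from the chain or token decoding
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // Start time; each exit path reports the elapsed time to log().
        long currentTimeMillis = System.currentTimeMillis();
        try {
            // Clear any user left over from an earlier request before deciding anything
            // (presumably per-thread state, since worker threads are reused; confirm in SimpleUserUtil).
            SimpleUserUtil.removeLocalBucSSOUser();
            if (StringUtils.isNotBlank(FilterManager.getEncoding())) {
                httpServletRequest.setCharacterEncoding(FilterManager.getEncoding());
                httpServletResponse.setCharacterEncoding(FilterManager.getEncoding());
            }
            // 1. HTTP methods that never require authentication (OPTIONS plus the configured set).
            if (isExcludeRequestByMethod(httpServletRequest)) {
                filterChain.doFilter(servletRequest, servletResponse);
                log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                SimpleUserUtil.removeLocalBucSSOUser();
                return;
            }
            String requestParameter = BucSSOClientUtil.getRequestParameter(httpServletRequest, BucSSOConstants.SSO_TICKET);
            // Result is discarded here; kept because the call may have side effects not visible in this file.
            BucSSOClientUtil.getRequestParameter(httpServletRequest, BucSSOConstants.DING_CORP_ID);
            String trimToEmpty = StringUtils.trimToEmpty(httpServletRequest.getRequestURI());
            // z == "this is an SSO protocol request": a ticket parameter is present, or the URI contains
            // the token hand-off or logout marker. Note the markers are matched with contains(), not as
            // exact paths. Protocol requests are never skipped by the two exclusion checks below.
            boolean z = StringUtils.isNotBlank(requestParameter) || trimToEmpty.contains(BucSSOConstants.SEND_BUC_SSO_TOKEN) || trimToEmpty.contains(BucSSOConstants.BUC_SSO_LOGOUT);
            boolean isRequestIgnored = FilterManager.getSsoCallback().isRequestIgnored(httpServletRequest, httpServletResponse);
            // The callback may already have written the response itself.
            if (httpServletResponse.isCommitted()) {
                log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                SimpleUserUtil.removeLocalBucSSOUser();
                return;
            }
            // 2. Application callback asked to skip authentication for this request.
            if (!z && isRequestIgnored) {
                filterChain.doFilter(servletRequest, servletResponse);
                log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                SimpleUserUtil.removeLocalBucSSOUser();
                return;
            }
            // 3. Configured URI exclusion patterns: a match bypasses authentication entirely.
            // NOTE(review): the pattern is tested against the raw getRequestURI() value, which the
            // servlet container neither decodes nor normalizes. Confirm the configured patterns are
            // anchored and that downstream routing resolves the same path the pattern was tested on.
            if (!z && RegexUtil.isMatched(FilterManager.getExclusionPatterns(), trimToEmpty)) {
                filterChain.doFilter(servletRequest, servletResponse);
                log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                SimpleUserUtil.removeLocalBucSSOUser();
                return;
            }
            // Reset the ticket-user attribute so a value from an upstream component is not trusted.
            httpServletRequest.setAttribute(BucSSOConstants.SSO_TICKET_USER, null);
            // 4. Ticket login: when the ticket is accepted the request continues down the chain.
            if (StringUtils.isNotBlank(requestParameter) && BucSSOClientUtil.handleBucSsoToken(requestParameter, FilterManager.getAppCode(), httpServletRequest, httpServletResponse)) {
                filterChain.doFilter(servletRequest, servletResponse);
                log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                SimpleUserUtil.removeLocalBucSSOUser();
                return;
            }
            String fullUrl = BucSSOClientUtil.getFullUrl(httpServletRequest);
            // 5. Token hand-off endpoint: requires both a token and a back URL in the query string.
            if (trimToEmpty.contains(BucSSOConstants.SEND_BUC_SSO_TOKEN)) {
                Map<String, String> splitQueryString = HTTPUtil.splitQueryString(httpServletRequest.getQueryString());
                if (splitQueryString == null || splitQueryString.isEmpty()) {
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                }
                String str = splitQueryString.get(BucSSOConstants.SSO_TOKEN);
                String str2 = splitQueryString.get(BucSSOConstants.BACK_URL);
                if (StringUtils.isBlank(str) || StringUtils.isBlank(str2)) {
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                }
                String decode = URLDecoder.decode(str2, "UTF-8");
                // Open-redirect guard: the back URL must point at the same host as this request,
                // otherwise the client is sent to the error page instead of the back URL.
                // NOTE(review): the guard is only as strong as HTTPUtil.getHost(); confirm it parses
                // hosts the way browsers do and never returns null for fullUrl (would NPE here).
                if (!HTTPUtil.getHost(fullUrl).equals(HTTPUtil.getHost(decode))) {
                    httpServletResponse.sendRedirect(String.format(FilterManager.getErrorUrl(), Integer.valueOf(BucSSOConstants.ERROR_1401), URLEncoder.encode(fullUrl, "UTF-8")));
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                }
                BucSSOClientUtil.handleSSOLogin(str, httpServletRequest, httpServletResponse);
                if (httpServletResponse.isCommitted()) {
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                } else {
                    // Same-host back URL verified above.
                    httpServletResponse.sendRedirect(decode);
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                }
            }
            // 6. Logout endpoint.
            if (trimToEmpty.contains(BucSSOConstants.BUC_SSO_LOGOUT)) {
                BucSSOClientUtil.handleSSOLogout(httpServletRequest, httpServletResponse);
                log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                SimpleUserUtil.removeLocalBucSSOUser();
                return;
            }
            // 7. Refresh-data endpoint: only the "lang" variable is honoured; anything else is dropped
            // without passing the request down the chain.
            if (trimToEmpty.contains(BucSSOConstants.BUC_SSO_REFRESH_DATA)) {
                Map<String, String> splitQueryString2 = HTTPUtil.splitQueryString(httpServletRequest.getQueryString());
                if (splitQueryString2 == null || splitQueryString2.isEmpty()) {
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                }
                String str3 = splitQueryString2.get(BucSSOConstants.SSO_REQUEST_VAR);
                String str4 = splitQueryString2.get(BucSSOConstants.SSO_REQUEST_VALUE);
                if (!StringUtils.equalsIgnoreCase(str3, "lang")) {
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                } else {
                    BucSSOClientUtil.changeLang(httpServletRequest, httpServletResponse, StringUtils.trimToEmpty(str4));
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                }
            }
            // 8. Verify the current user through the application callback.
            boolean checkUser = FilterManager.getSsoCallback().checkUser(httpServletRequest, httpServletResponse);
            HeartBeatSSOToken heartBeatSSOToken = null;
            // Recovery: if the user check failed but a heartbeat token older than the recover interval
            // is present, try to log in again with its SSO token. Failures are logged and treated as
            // "still not authenticated".
            if (!checkUser && FilterManager.getRecoverUserInterval() > 0) {
                try {
                    heartBeatSSOToken = BucSSOClientUtil.getHeartBeatSSOToken(httpServletRequest);
                    if (heartBeatSSOToken != null && System.currentTimeMillis() - heartBeatSSOToken.getLastHeartBeatTime() > FilterManager.getRecoverUserInterval() && BucSSOClientUtil.handleSSOLogin(heartBeatSSOToken.getSsoToken(), false, httpServletRequest, httpServletResponse)) {
                        if (!httpServletResponse.isCommitted()) {
                            checkUser = true;
                        }
                    }
                } catch (Exception e) {
                    log.error(e.getMessage(), (Throwable) e);
                }
            }
            if (httpServletResponse.isCommitted()) {
                log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                SimpleUserUtil.removeLocalBucSSOUser();
                return;
            }
            boolean checkCorp = FilterManager.getSsoCallback().checkCorp(httpServletRequest, httpServletResponse);
            // 9. SSO flagged as unavailable: rely on the local checks only and skip the heartbeat
            // renewal below. Unverified users are still redirected.
            if (!FilterManager.getSsoAvailable()) {
                if (!checkUser) {
                    doRedirect(httpServletRequest, httpServletResponse, filterChain, fullUrl);
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                } else if (!BucSSOClientUtil.isCorpCheckEnable() || checkCorp) {
                    filterChain.doFilter(servletRequest, servletResponse);
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                } else {
                    log.info("corp cookie not exist and, go to redirect");
                    doRedirect(httpServletRequest, httpServletResponse, filterChain, fullUrl);
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                }
            }
            // 10. SSO available and user verified: enforce the corp check, then the heartbeat.
            if (checkUser) {
                if (BucSSOClientUtil.isCorpCheckEnable() && !checkCorp) {
                    log.info("corp cookie not exist, go to redirect");
                    doRedirect(httpServletRequest, httpServletResponse, filterChain, fullUrl);
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                }
                Cookie cookie = CookieUtil.getCookie(FilterManager.getSSOTokenCookieNameV2(), httpServletRequest);
                if (heartBeatSSOToken == null) {
                    try {
                        try {
                            heartBeatSSOToken = BucSSOClientUtil.decodeHeartBeatSSOToken(cookie);
                        } catch (IOException e2) {
                            log.error("error throws by " + FilterManager.getAppName() + ": " + e2.getMessage(), (Throwable) e2);
                            throw e2;
                        }
                    } catch (SSOException e3) {
                        // The token cookie could not be decoded: drop it and send the client to the
                        // logout URL rather than continuing with an unreadable token.
                        if (cookie != null) {
                            CookieUtil.removeCookie(cookie.getName(), "/", FilterManager.getSsoCookieDomain(), httpServletResponse);
                        }
                        String reWriteRequestUrl = FilterManager.getSsoCallback().reWriteRequestUrl(httpServletRequest, httpServletResponse, FilterManager.getSsoLogoutUrl());
                        log.error("cookie error throws by " + FilterManager.getAppName() + " and exception is:" + e3.getMessage() + " go to redirect:" + reWriteRequestUrl);
                        httpServletResponse.sendRedirect(reWriteRequestUrl);
                        log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                        SimpleUserUtil.removeLocalBucSSOUser();
                        return;
                    } catch (ServletException e4) {
                        log.error("error throws by " + FilterManager.getAppName() + ": " + e4.getMessage(), (Throwable) e4);
                        throw e4;
                    }
                }
                if (!heartBeatExpire(heartBeatSSOToken)) {
                    // Heartbeat still fresh: no round trip to the SSO server needed.
                    filterChain.doFilter(servletRequest, servletResponse);
                    log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                    SimpleUserUtil.removeLocalBucSSOUser();
                    return;
                } else if (updateSSOToken(heartBeatSSOToken, httpServletRequest, httpServletResponse)) {
                    if (httpServletResponse.isCommitted()) {
                        log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                        SimpleUserUtil.removeLocalBucSSOUser();
                        return;
                    } else {
                        filterChain.doFilter(servletRequest, servletResponse);
                        log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                        SimpleUserUtil.removeLocalBucSSOUser();
                        return;
                    }
                }
                // Heartbeat expired and renewal was refused: fall through to the redirect below.
            }
            // 11. Not authenticated: the application may handle the redirect itself, otherwise go to SSO.
            if (FilterManager.getSsoCallback().doClientDefinedRedirect(httpServletRequest, httpServletResponse)) {
                log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                SimpleUserUtil.removeLocalBucSSOUser();
            } else {
                doRedirect(httpServletRequest, httpServletResponse, filterChain, fullUrl);
                log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
                SimpleUserUtil.removeLocalBucSSOUser();
            }
        } catch (Throwable th) {
            // Exceptional exit: still record the access log and clear the local user, then rethrow.
            log(httpServletRequest, System.currentTimeMillis() - currentTimeMillis);
            SimpleUserUtil.removeLocalBucSSOUser();
            throw th;
        }
    }

    /**
     * Sends an unauthenticated client towards SSO.
     *
     * <p>Three outcomes, tried in order: a JSON response written by
     * {@code buildJsonBackContent}, a redirect handled by {@code handleRedirect}, or a plain
     * {@code sendRedirect} to the (callback-rewritten) SSO URL.
     *
     * @param str full URL of the current request, used to build the SSO redirect
     */
    private void doRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, String str) throws IOException, ServletException {
        if (BucSSOClientUtil.buildJsonBackContent(httpServletRequest, httpServletResponse)) {
            return;
        }
        String reWriteRequestUrl = FilterManager.getSsoCallback().reWriteRequestUrl(httpServletRequest, httpServletResponse, BucSSOClientUtil.builderRedirectSso(str, httpServletRequest, httpServletResponse));
        if (BucSSOClientUtil.handleRedirect(httpServletRequest, httpServletResponse, filterChain, str, reWriteRequestUrl, new HashMap(0))) {
            return;
        }
        httpServletResponse.sendRedirect(reWriteRequestUrl);
    }

    /**
     * Tells whether the request's HTTP method is exempt from authentication.
     *
     * @return {@code true} for OPTIONS (case-insensitive) or any method listed in
     *         {@code FilterManager.getMethodExclusions()}
     */
    private boolean isExcludeRequestByMethod(HttpServletRequest httpServletRequest) {
        if ("OPTIONS".equalsIgnoreCase(httpServletRequest.getMethod())) {
            return true;
        }
        return BucSSOUtil.isSetContainsValue(FilterManager.getMethodExclusions(), httpServletRequest.getMethod());
    }

    /**
     * Tells whether the heartbeat token must be renewed.
     *
     * @return {@code true} when the token is missing, older than
     *         {@code BucSSOConstants.HEART_BEAT_TIME}, or stamped in the future
     */
    private boolean heartBeatExpire(HeartBeatSSOToken heartBeatSSOToken) throws SSOException {
        if (heartBeatSSOToken == null) {
            return true;
        }
        long currentTimeMillis = System.currentTimeMillis();
        // A negative age (timestamp ahead of this server's clock) is treated as expired rather than
        // as "fresh for a long time".
        return currentTimeMillis - heartBeatSSOToken.getLastHeartBeatTime() > ((long) BucSSOConstants.HEART_BEAT_TIME) || currentTimeMillis - heartBeatSSOToken.getLastHeartBeatTime() < 0;
    }

    /**
     * Renews the SSO token against the token API and rewrites the login cookies.
     *
     * @return {@code false} when there is no token or the server returned no renewed token;
     *         {@code true} once the server has renewed it, even if writing cookies or the
     *         {@code afterHeartBeatTime} callback failed afterwards
     * @throws SSOException when the renewal call itself fails; the original exception is the cause
     */
    private boolean updateSSOToken(HeartBeatSSOToken heartBeatSSOToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SSOException {
        if (heartBeatSSOToken == null) {
            return false;
        }
        try {
            String reWriteRequestUrl = FilterManager.getSsoCallback().reWriteRequestUrl(httpServletRequest, httpServletResponse, FilterManager.getSsoTokenApi());
            TokenUserDTO renewToken = BucSSOUtil.renewToken(reWriteRequestUrl, heartBeatSSOToken.getSsoToken(), "", false);
            if (renewToken == null || StringUtils.isBlank(renewToken.getToken())) {
                // The SSO token is a login credential: keep it out of the log so that read access to
                // application logs does not become a way to obtain sessions.
                log.info("updateSSOToken fail, requestUrl:" + reWriteRequestUrl);
                return false;
            }
            try {
                BucSSOClientUtil.handleLoginCookies(renewToken, httpServletRequest, httpServletResponse);
                FilterManager.getSsoCallback().afterHeartBeatTime(httpServletRequest, httpServletResponse);
                return true;
            } catch (Exception e) {
                // Renewal succeeded on the server; a failure while refreshing cookies or in the
                // callback is logged and the request is still allowed to proceed.
                log.error(e.getMessage(), (Throwable) e);
                return true;
            }
        } catch (Exception e2) {
            log.error("updateSSOToken error:" + e2.getMessage());
            throw new SSOException(e2.getMessage(), e2);
        }
    }

    /**
     * Initializes the filter: checks the commons-validator dependency, loads configuration, and
     * starts the SSO check and configuration-pull background tasks.
     *
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        check();
        FilterManager.init(filterConfig, this.initParams);
        BucSSOClientUtil.updateClientVersionUrl(FilterManager.getUpdateClientVersionUrl());
        BucSSOClientUtil.startSSOCheck();
        BucSSOClientUtil.startPullConfThread();
        String str = "Init SSOFilter success, version=" + FilterManager.getClientVersion();
        System.out.println(str);
        log.info(str);
    }

    /**
     * Fails fast at startup when a usable commons-validator is not on the classpath.
     *
     * <p>Instantiating {@code InetAddressValidator} is the probe; any failure (including linkage
     * errors, hence {@code Throwable}) is wrapped with a message naming the required version.
     */
    private void check() {
        try {
            new InetAddressValidator();
        } catch (Throwable th) {
            throw new RuntimeException("SSOFilter init fail, require commons-validator:commons-validator:1.4.0 or later", th);
        }
    }

    /**
     * Records one access-log entry for the request: elapsed time, application name and code, and
     * the user's identifiers when a user is available.
     *
     * <p>Best effort by design: a failure here must never change the outcome of the request, so
     * nothing is propagated.
     *
     * @param j elapsed time in milliseconds
     */
    private void log(HttpServletRequest httpServletRequest, long j) {
        try {
            LogContext logContext = new LogContext();
            logContext.setCostTime(j);
            BucSSOUser bucSSOUser = SimpleUserUtil.getBucSSOUser(httpServletRequest, true);
            if (bucSSOUser != null) {
                logContext.setUserId(bucSSOUser.getId());
                logContext.setEmpId(bucSSOUser.getEmpId());
                logContext.setNamespace(bucSSOUser.getNamespace());
                logContext.setRealmId(bucSSOUser.getRealmId());
            }
            logContext.setAppName(FilterManager.getAppName());
            logContext.setAppCode(FilterManager.getAppCode());
            LogClient.collectLog(httpServletRequest, logContext);
        } catch (Throwable th) {
            // Still swallowed, but no longer invisible: a broken access-log pipeline means missing
            // audit records, which operators need to be able to notice. Debug level avoids flooding
            // the log on every request.
            if (log.isDebugEnabled()) {
                log.debug("collect access log fail: " + th.getMessage(), th);
            }
        }
    }

    /**
     * Supplies parameters that {@link #init(FilterConfig)} passes to {@code FilterManager.init}
     * together with the {@link FilterConfig}. Call before the container initializes the filter.
     *
     * @param map parameter names to values; stored by reference, not copied
     */
    public void setInitParams(Map<String, String> map) {
        this.initParams = map;
    }
}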
