package com.elitesland.cloudt.authorization.sdk.config.security.configurer.filter;

import com.elitesland.cloudt.authorization.sdk.common.SdkConstants;
import com.elitesland.cloudt.authorization.sdk.common.TicketAuthentication;
import com.elitesland.cloudt.authorization.sdk.config.AuthorizationSdkProperties;
import com.elitesland.cloudt.authorization.sdk.model.UserInfoDTO;
import com.elitesland.cloudt.authorization.sdk.sso.SsoProvider;
import com.elitesland.cloudt.authorization.sdk.sso.TicketResolver;
import com.elitesland.cloudt.authorization.sdk.util.AuthorizationServerHelper;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/elitesland/cloudt/authorization/sdk/config/security/configurer/filter/CloudtSsoFilter.class */
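/**
 * Servlet filter that implements the client side of the SSO handshake.
 *
 * <p>Two request URIs, both read from {@link AuthorizationSdkProperties}, are intercepted:
 * the authorize endpoint (exchange a ticket for a local session/token) and the revoke
 * endpoint (drop the local ticket and, unless told otherwise, revoke it on the authorization
 * server). Every other request is passed down the filter chain untouched.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The ticket is taken from the incoming request by {@link TicketResolver} and is only
 *       trusted after {@link AuthorizationServerHelper#ticket2UserInfo} has resolved it to a user.</li>
 *   <li>A 200 "authorized" response (which may carry a token) is written only when the resulting
 *       authentication reports {@code isAuthenticated()}; every other outcome ends in a failure
 *       response.</li>
 *   <li>Endpoint matching compares the raw {@code getRequestURI()} with the configured value and
 *       does not look at the HTTP method. NOTE(review): confirm that method restrictions and CSRF
 *       protection for the revoke endpoint are enforced elsewhere in the security configuration.</li>
 * </ul>
 */
public class CloudtSsoFilter extends OncePerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(CloudtSsoFilter.class);
    private final AuthorizationSdkProperties sdkProperties;
    // Collaborators are injected through setters; ticketResolver is dereferenced unconditionally
    // by the authorize and revoke paths, so it must be set before the filter handles requests.
    private TicketResolver ticketResolver;
    private SsoProvider ssoProvider;
    private AuthenticationSuccessHandler authenticationSuccessHandler;
    private AuthenticationFailureHandler authenticationFailureHandler;
    private final AuthorizationServerHelper authorizationServerHelper = AuthorizationServerHelper.getInstance();
    private final ObjectMapper objectMapper = new ObjectMapper();

    /**
     * JSON payload written by this filter: an outcome flag, a human-readable message and,
     * on success, the token handed back by the authentication.
     */
    public static class AuthorizedResult implements Serializable {
        private static final long serialVersionUID = -4599981681764185389L;
        private final boolean authorized;
        private final String msg;
        private final Serializable token;

        /** Creates an "not authorized" result with an empty message and no token. */
        public AuthorizedResult() {
            this(false, "", null);
        }

        /** Creates a result without a token. */
        public AuthorizedResult(boolean z, String str) {
            this(z, str, null);
        }

        /** Creates a result carrying the given token (may be {@code null}). */
        public AuthorizedResult(boolean z, String str, Serializable serializable) {
            this.authorized = z;
            this.msg = str;
            this.token = serializable;
        }

        public boolean isAuthorized() {
            return this.authorized;
        }

        public String getMsg() {
            return this.msg;
        }

        public Serializable getToken() {
            return this.token;
        }
    }

    /**
     * @param authorizationSdkProperties SDK configuration supplying the auth-server address and
     *                                   the SSO authorize/revoke endpoints
     */
    public CloudtSsoFilter(AuthorizationSdkProperties authorizationSdkProperties) {
        this.sdkProperties = authorizationSdkProperties;
    }

    /**
     * Dispatches to the authorize or revoke handler when the request URI matches the configured
     * endpoint; otherwise continues the chain. The authorize check is evaluated first.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (supportAuthorize(httpServletRequest)) {
            ssoAuthorize(httpServletRequest, httpServletResponse);
            return;
        }
        if (supportRevoke(httpServletRequest)) {
            ssoRevoke(httpServletRequest, httpServletResponse);
            return;
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public void setSsoProvider(SsoProvider ssoProvider) {
        this.ssoProvider = ssoProvider;
    }

    public void setTicketResolver(TicketResolver ticketResolver) {
        this.ticketResolver = ticketResolver;
    }

    public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler authenticationSuccessHandler) {
        this.authenticationSuccessHandler = authenticationSuccessHandler;
    }

    public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
        this.authenticationFailureHandler = authenticationFailureHandler;
    }

    /**
     * Handles the authorize endpoint: resolves the ticket to a user, lets the optional
     * {@link SsoProvider} build the authentication, and answers with JSON.
     *
     * <p>Outcomes: already authenticated or newly authenticated -> 200 via
     * {@link #respAuthorized}; missing/unresolvable ticket or provider exception -> 401 via
     * {@link #respLogin}; authentication produced but not authenticated -> failure handler if
     * one is set, otherwise 401.
     */
    private void ssoAuthorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (this.ssoProvider != null && this.ssoProvider.isAuthenticated(httpServletRequest)) {
            respAuthorized(httpServletResponse, false, null);
            return;
        }

        // The ticket comes straight from the request; it only counts once the
        // authorization server has mapped it to a user.
        String ticket = this.ticketResolver.obtain(httpServletRequest);
        UserInfoDTO userInfoDTO = StringUtils.hasText(ticket) ? obtainUser(ticket) : null;
        if (userInfoDTO == null) {
            respLogin(httpServletResponse);
            return;
        }

        TicketAuthentication authentication;
        if (this.ssoProvider != null) {
            try {
                authentication = this.ssoProvider.authentication(httpServletRequest, httpServletResponse, new TicketAuthentication(ticket, userInfoDTO));
            } catch (Exception e) {
                LOG.info("认证失败：{}", e.getMessage());
                respLogin(httpServletResponse);
                return;
            }
        } else {
            authentication = new TicketAuthentication(ticket, userInfoDTO, Collections.emptyList());
        }

        // Fail closed. Previously an unauthenticated result only triggered the failure handler
        // and then fell through to saving the ticket and writing the 200 "authorized" response
        // with the token. A null result from the provider is treated the same way.
        if (authentication == null || !authentication.isAuthenticated()) {
            if (this.authenticationFailureHandler != null) {
                // The failure handler owns the response from here on.
                this.authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, new AuthenticationServiceException("认证失败"));
            } else {
                respLogin(httpServletResponse);
            }
            return;
        }

        if (this.authenticationSuccessHandler != null) {
            this.authenticationSuccessHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
        }
        this.ticketResolver.save(httpServletRequest, httpServletResponse, ticket);
        respAuthorized(httpServletResponse, true, authentication.getToken());
    }

    /**
     * Handles the revoke endpoint: clears the provider token, revokes the ticket on the
     * authorization server unless the request carries {@code SdkConstants.PARAM_SSO_SERVER=true},
     * clears the locally stored ticket and answers 401 so the client re-authenticates.
     */
    private void ssoRevoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String ticket = this.ticketResolver.obtain(httpServletRequest);
        if (this.ssoProvider != null) {
            // Called even when no ticket was found; the provider receives whatever obtain() returned.
            this.ssoProvider.clearToken(httpServletRequest, httpServletResponse, ticket);
        }
        if (StringUtils.hasText(ticket)) {
            // PARAM_SSO_SERVER is an ordinary request parameter, i.e. set by whoever sends the
            // request. Here it only decides whether the upstream revoke call is skipped;
            // presumably it marks a call that originated from the SSO server -- confirm with the
            // server-side contract before relying on it for anything else.
            boolean fromSsoServer = "true".equalsIgnoreCase(httpServletRequest.getParameter(SdkConstants.PARAM_SSO_SERVER));
            if (!fromSsoServer) {
                this.authorizationServerHelper.revokeTicket(this.sdkProperties.getAuthServer(), ticket);
            }
            this.ticketResolver.clear(httpServletRequest, httpServletResponse);
        }
        respLogin(httpServletResponse);
    }

    /**
     * Returns whether the request targets the configured authorize endpoint.
     * The comparison is an exact match on the raw request URI; with no endpoint configured the
     * filter never intercepts and an error is logged for each request that reaches this check.
     */
    private boolean supportAuthorize(HttpServletRequest httpServletRequest) {
        String endpoint = this.sdkProperties.getSso().getAuthorizeEndpoint();
        if (!StringUtils.hasText(endpoint)) {
            LOG.error("单点登录拦截失效，认证地址未配置！");
            return false;
        }
        return httpServletRequest.getRequestURI().equals(endpoint);
    }

    /**
     * Returns whether the request targets the configured revoke endpoint.
     * Same exact-match rule as {@link #supportAuthorize}.
     */
    private boolean supportRevoke(HttpServletRequest httpServletRequest) {
        String endpoint = this.sdkProperties.getSso().getAuthorizeRevokeEndpoint();
        if (!StringUtils.hasText(endpoint)) {
            LOG.error("单点登录的注销地址未配置！");
            return false;
        }
        return httpServletRequest.getRequestURI().equals(endpoint);
    }

    /**
     * Resolves a ticket to user info through the authorization server.
     *
     * @return the user, or {@code null} when the lookup failed or returned nothing; any
     *         exception from the helper is logged and treated as "no user"
     */
    private UserInfoDTO obtainUser(String str) {
        UserInfoDTO userInfoDTO = null;
        try {
            userInfoDTO = this.authorizationServerHelper.ticket2UserInfo(this.sdkProperties.getAuthServer(), str);
        } catch (Exception e) {
            // Use the class logger like the rest of the filter instead of the inherited one.
            LOG.error("单点登录异常：", e);
        }
        if (userInfoDTO == null) {
            LOG.info("未解析到有效用户信息，需登录");
        }
        return userInfoDTO;
    }

    /**
     * Writes the 200 JSON success payload.
     *
     * @param z            selects the message only (SSO-authenticated vs. already authenticated);
     *                     the payload's {@code authorized} flag is always {@code true}
     * @param serializable token to return to the client, may be {@code null}
     */
    private void respAuthorized(HttpServletResponse httpServletResponse, boolean z, Serializable serializable) throws IOException {
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentType("application/json");
        // The body may carry a token; keep it out of browser and intermediary caches.
        httpServletResponse.setHeader("Cache-Control", "no-store");
        httpServletResponse.setStatus(HttpStatus.OK.value());
        String message = z ? "SSO服务已认证" : "服务已认证";
        try (PrintWriter writer = httpServletResponse.getWriter()) {
            writer.write(this.objectMapper.writeValueAsString(new AuthorizedResult(true, message, serializable)));
        }
    }

    /** Writes the 401 JSON payload telling the client to log in again. */
    private void respLogin(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        try (PrintWriter writer = httpServletResponse.getWriter()) {
            writer.write(this.objectMapper.writeValueAsString(new AuthorizedResult(false, "请重新登录")));
        }
    }
}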
