package com.epoint.sso.client.validation;

import com.epoint.sso.client.Constants;
import com.epoint.sso.client.authentication.AbstractSSOFilter;
import com.epoint.sso.client.request.OAuth2ParamsBuilder;
import com.epoint.sso.client.util.CheckTokenUtil;
import com.epoint.sso.client.util.ClientUtils;
import com.epoint.sso.client.util.IgnoreUtil;
import com.epoint.sso.client.util.ServiceUtil;
import com.epoint.sso.client.util.StringUtil;
import com.epoint.sso.client.util.WebAsUtils;
import com.epoint.sso.client.util.WebUtil;
import com.epoint.third.alibaba.fastjson.JSONObject;
import com.epoint.third.apache.commons.httpclient.cookie.CookieSpec;
import com.epoint.third.apache.oltu.oauth2.common.message.types.ParameterStyle;
import com.epoint.third.apache.oltu.oauth2.common.utils.OAuthUtils;
import com.epoint.third.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/epoint/sso/client/validation/AuthorizingFilter.class */
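/**
 * Servlet filter that lets a request continue only after its OAuth2 access token has been
 * checked against the SSO server, unless one of the pass-through conditions in
 * {@link #doFilter} applies.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>Access tokens and credential-bearing request headers are never written to the logs in
 *       clear text; only a length marker is logged.</li>
 *   <li>A failure of the token check never reaches the filter chain (fail closed).</li>
 *   <li>Exceptions thrown by the downstream chain propagate to the container and are not
 *       reported to the client as an SSO timeout.</li>
 * </ul>
 */
public class AuthorizingFilter extends AbstractSSOFilter {
    private static final Logger logger = Logger.getLogger(AuthorizingFilter.class);

    /** Raw value of the {@code ssoSkip} init parameter; handed to {@code IgnoreUtil.isSkip}. */
    private String ssoSkip;

    /**
     * Runs the parent initialisation and then loads the optional {@code ssoSkip} init parameter.
     *
     * @param filterConfig filter configuration supplied by the container
     * @throws ServletException if the parent initialisation fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.epoint.sso.client.authentication.AbstractSSOFilter
    public void initInternal(FilterConfig filterConfig) throws ServletException {
        super.initInternal(filterConfig);
        setSsoSkip(getPropertyFromInitParams(filterConfig, "ssoSkip", null));
        this.log.trace("Loaded SSOSkip parameter: " + this.ssoSkip);
    }

    /**
     * Passes the request down the chain when a pass-through condition matches, otherwise
     * validates the access token with the SSO server first.
     *
     * <p>Pass-through conditions, evaluated in order: root request, URI containing
     * {@code jsboot}, session already marked authenticated, non-blank client id, URI matched by
     * {@code ssoSkip}, artifact parameter present, request attribute saying the token was
     * already checked. Every one of them skips the token check entirely, so each is part of the
     * authentication boundary of the application.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remaining filter chain
     * @throws IOException if the downstream chain throws it
     * @throws ServletException if the downstream chain throws it
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (WebAsUtils.isRoot(request)) {
            if (logger.isDebugEnabled()) {
                logger.debug(">>>  AuthorizingFilter > Request Type > [ isRoot/isLogin ] >>>");
            }
            filterChain.doFilter(request, response);
            return;
        }

        // NOTE(review): this is a substring match on the whole request URI, not a check on a
        // fixed path segment, so any URI that merely contains "jsboot" skips the token check.
        // Confirm that is intended; an anchored path comparison would be narrower.
        if (WebAsUtils.getRequestURI(request).indexOf("jsboot") >= 0) {
            if (logger.isDebugEnabled()) {
                logger.debug(">>>  AuthorizingFilter > Request Type > [ isJsboot ] >>>");
            }
            filterChain.doFilter(request, response);
            return;
        }

        // getSession() creates a session when the request has none.
        // NOTE(review): the comparison is against the String "true"; if the attribute is stored
        // as a Boolean this branch can never match - confirm the stored type.
        Object authenticatedFlag = request.getSession().getAttribute("org.apache.shiro.subject.support.DefaultSubjectContext_AUTHENTICATED_SESSION_KEY");
        if ("true".equals(authenticatedFlag)) {
            if (logger.isDebugEnabled()) {
                logger.debug(">>>  AuthorizingFilter > Request Type > [ isAuthenticated ] >>>");
            }
            filterChain.doFilter(request, response);
            return;
        }

        // NOTE(review): a non-blank client id alone skips the token check here. Where
        // CheckTokenUtil.getClientId reads it from is not visible in this file; if it comes from
        // caller-supplied request data, a later component has to authenticate it - confirm.
        if (StringUtil.isNotBlank(CheckTokenUtil.getClientId(request))) {
            if (logger.isDebugEnabled()) {
                logger.debug(">>>  AuthorizingFilter > Request Type > [ isGateway ] >>>");
            }
            filterChain.doFilter(request, response);
            return;
        }

        if (IgnoreUtil.isSkip(request.getRequestURI(), request.getContextPath(), this.ssoSkip)) {
            filterChain.doFilter(request, response);
            return;
        }

        // Presence of the artifact parameter is enough to pass; presumably another filter
        // validates the artifact itself - TODO confirm.
        if (StringUtil.isNotBlank(request.getParameter(getArtifactParameterName()))) {
            filterChain.doFilter(request, response);
            return;
        }

        // Request attributes are set server-side, so this flag comes from earlier processing
        // of the same request rather than from the client.
        Object alreadyChecked = request.getAttribute(AbstractSSOFilter.CONST_SSO_HASCHECKTOKEN);
        if (alreadyChecked != null && Boolean.parseBoolean(alreadyChecked.toString())) {
            filterChain.doFilter(request, response);
            return;
        }

        if (logger.isDebugEnabled()) {
            logger.debug(">>> AuthorizingFilter > onAccessDenied > Dealing with authentication >>>");
        }
        if (logger.isTraceEnabled()) {
            logRequestHeaders(request);
        }

        String accessToken;
        try {
            accessToken = new OAuthAccessResourceRequest(request, ParameterStyle.HEADER, ParameterStyle.BODY, ParameterStyle.QUERY).getAccessToken();
        } catch (Exception e) {
            // Compatibility fallback: read the token from the request parameter, then from the
            // Authorization header. The token value is masked before it is logged.
            accessToken = request.getParameter("access_token");
            if (StringUtil.isBlank(accessToken)) {
                accessToken = OAuthUtils.getAuthHeaderField(request.getHeader("Authorization"));
            }
            logger.debug("获取token出现异常,采取兼容方式获取！ >>> " + maskToken(accessToken));
        }
        if (logger.isDebugEnabled()) {
            logger.debug(">>> AuthorizingFilter > CheckToken Infomation Before > [ Token = " + maskToken(accessToken) + " ] > [ checkType = Server ]  >>>");
        }

        try {
            OAuthCheckTokenInfo checkToken = ClientUtils.checkToken(
                    OAuth2ParamsBuilder.oauth2Params()
                            .setTargetUrl(ServiceUtil.constructCheckTokenUrl(getServiceUrl()))
                            .setToken(accessToken)
                            .setRequestUrl(CookieSpec.PATH_DELIM + WebUtil.getRequestURI(request))
                            .setCheckType("SERVER")
                            .buildCheckTokenParams());
            if (logger.isDebugEnabled()) {
                logger.debug(">>> AuthorizingFilter > CheckToken Infomation After > [ status = " + checkToken.getStatus() + " ] > [ error = " + checkToken.getError() + " ]  >>>");
            }
            if (checkToken.getStatus() != 200 || !StringUtil.isBlank(checkToken.getError())) {
                renderResponse(checkToken.buildJsonErrorResponse(), response, checkToken.getStatus());
                return;
            }
            request.setAttribute(Constants.CHECK_TOKEN_INFO, checkToken);
            if (logger.isDebugEnabled()) {
                // NOTE(review): this serialises the whole check-token result; if that object
                // carries the token or user data it ends up in the debug log - confirm its fields.
                logger.debug(">>> AuthorizingFilter > setAttribute " + JSONObject.toJSONString(checkToken) + " >>> ");
            }
        } catch (Exception e2) {
            // Fail closed: any failure while checking the token ends the request here.
            // Logged at WARN so an unreachable SSO server is visible without debug logging.
            logger.warn("鉴权流程发生异常!", e2);
            OAuthCheckTokenInfo failure = new OAuthCheckTokenInfo();
            failure.setError("timeout");
            failure.setErrorDescription("请求统一认证服务端超时，请确认统一认证服务端是否开启或者配置地址是否正确，如果有内外网，请确认内网地址是否配置正确！");
            // NOTE(review): the error is delivered with HTTP 200, so clients must inspect the
            // body to see the failure; kept as-is because existing clients may rely on it.
            failure.setStatus(200);
            renderResponse(failure.buildJsonErrorResponse(), response, failure.getStatus());
            return;
        }

        // Called outside the try block on purpose: an exception raised by the application
        // behind this filter is not an SSO timeout and must reach the container unchanged.
        filterChain.doFilter(request, response);
    }

    /**
     * Writes the request headers to the trace log, replacing the values of headers that carry
     * credentials with a length marker.
     */
    private static void logRequestHeaders(HttpServletRequest request) {
        logger.trace("-------------------------- Request Headers ---------------------------");
        Enumeration<?> headerNames = request.getHeaderNames();
        while (headerNames != null && headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            String value = request.getHeader(name);
            logger.trace(name + " : " + (isCredentialHeader(name) ? maskToken(value) : value));
        }
        logger.trace("----------------------------------------------------------------------");
    }

    /** Returns whether the named request header carries credentials or session identifiers. */
    private static boolean isCredentialHeader(String name) {
        return "Authorization".equalsIgnoreCase(name)
                || "Proxy-Authorization".equalsIgnoreCase(name)
                || "Cookie".equalsIgnoreCase(name);
    }

    /** Returns a log-safe stand-in for a secret: its presence and length, never its content. */
    private static String maskToken(String secret) {
        if (secret == null) {
            return "<null>";
        }
        if (secret.isEmpty()) {
            return "<empty>";
        }
        return "<redacted, length=" + secret.length() + ">";
    }

    /**
     * Sets the HTTP status and writes the given body to the response.
     *
     * <p>NOTE(review): no Content-Type or character encoding is set here; presumably that
     * happens upstream - confirm, because the timeout description contains non-ASCII text.
     *
     * @param str response body
     * @param httpServletResponse response to write to
     * @param i HTTP status code
     */
    protected void renderResponse(String str, HttpServletResponse httpServletResponse, int i) {
        httpServletResponse.setStatus(i);
        try {
            PrintWriter writer = httpServletResponse.getWriter();
            writer.print(str);
            writer.close();
        } catch (IOException e) {
            // Best effort: the client may already be gone. Use the logger instead of stderr.
            logger.warn("AuthorizingFilter > renderResponse failed", e);
        }
    }

    /**
     * Builds a status-500 error object in a local variable and discards it.
     *
     * <p>NOTE(review): neither parameter is read and nothing is returned or stored, so a call
     * has no observable effect. Left unchanged because the intended contract is not visible in
     * this file.
     *
     * @param oAuthCheckTokenInfo unused
     * @param exc unused
     */
    protected void build500ErrorResponse(OAuthCheckTokenInfo oAuthCheckTokenInfo, Exception exc) {
        OAuthCheckTokenInfo oAuthCheckTokenInfo2 = new OAuthCheckTokenInfo();
        oAuthCheckTokenInfo2.setError("unExceped");
        oAuthCheckTokenInfo2.setErrorDescription("Server has occured some unExceped Errors.");
        oAuthCheckTokenInfo2.setStatus(500);
    }

    /**
     * Sets the skip configuration consulted by {@link #doFilter} through {@code IgnoreUtil.isSkip}.
     *
     * @param str skip configuration; may be {@code null}
     */
    public void setSsoSkip(String str) {
        this.ssoSkip = str;
    }
}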
