package cn.gtmap.realestate.supervise.portal.utils;

import cn.gtmap.realestate.supervise.entity.UserAuthDTO;
import cn.gtmap.realestate.supervise.portal.service.XtUserService;
import com.alibaba.fastjson.JSONObject;
import com.gtis.config.AppConfig;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.util.ObjectUtils;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:WEB-INF/classes/cn/gtmap/realestate/supervise/portal/utils/LockUserFilter.class */
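/**
 * Servlet filter that pre-checks login credentials and enforces a failed-login lockout.
 *
 * <p>For every non-GET request it decrypts the {@code username} and {@code password}
 * parameters, refuses user names that contain an entry of the {@code sensitiveAccount}
 * property, refuses accounts whose lock record is flagged as locked, and otherwise compares
 * the stored password hash with the hash of the submitted password. Only a matching password
 * lets the request continue down the chain; every other outcome is answered directly with a
 * small JSON body ({@code msg} = {@code "failure"} or {@code "locked"}, optionally
 * {@code times}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Passwords are verified against a salted-MD5 scheme ({@link Md5PasswordEncoder}). MD5 is
 *       not a password-hashing function; moving to bcrypt/scrypt/argon2 needs a re-hash of the
 *       stored credentials and is outside what this filter can change alone.</li>
 *   <li>{@code salt} is never assigned in this class as shown, so the encoder is called with a
 *       {@code null} salt unless something else populates the field — confirm.</li>
 *   <li>The JSON answers differ between an unknown account (no {@code times}), a known account
 *       with a wrong password ({@code times} present) and a locked account, so a client can
 *       tell which user names exist. Consider one uniform failure response.</li>
 *   <li>This filter never clears the failure counter after a successful login; presumably that
 *       happens elsewhere — verify.</li>
 * </ul>
 */
public class LockUserFilter implements Filter {
    // NOTE(review): no visible code assigns this field; it is passed to the encoder as-is.
    private CharSequence salt;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    // Number of consecutive failures at which the account is flagged as locked.
    private Integer loginFailureLockedTimes = Integer.valueOf(AppConfig.getIntProperty("login.failure.locked.times"));

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) {
        // No initialisation required.
    }

    /**
     * Validates the submitted credentials and applies the lockout policy.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     continued only when the password matches
     * @throws IOException      propagated from the rest of the chain
     * @throws ServletException propagated from the rest of the chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Credentials must not travel in a GET query string.
        if (StringUtils.equals(request.getMethod(), "GET")) {
            sendJsonViaReponse(response, null, "failure");
            return;
        }

        String encryptedUsername = request.getParameter("username");
        String encryptedPassword = request.getParameter("password");
        if (encryptedUsername == null || encryptedPassword == null) {
            // Missing parameters are a malformed request, not a password guess.
            sendJsonViaReponse(response, null, "failure");
            return;
        }

        String username = RSAUtils.decryptDataOnJava(encryptedUsername);
        String password = RSAUtils.decryptDataOnJava(encryptedPassword);
        // How decryptDataOnJava reports a failed decryption is not visible here; a null result
        // would otherwise cause a NullPointerException below or be hashed like an empty password.
        if (StringUtils.isEmpty(username) || password == null) {
            sendJsonViaReponse(response, null, "failure");
            return;
        }

        // NOTE(review): getSession() creates a session for a not-yet-authenticated request.
        XtUserService xtUserService = (XtUserService) WebApplicationContextUtils.getWebApplicationContext(request.getSession().getServletContext()).getBean("xtUserService");

        String sensitiveAccounts = xtUserService.getXtPropertiesByKey("sensitiveAccount");
        if (sensitiveAccounts != null) {
            for (String sensitive : sensitiveAccounts.split(",")) {
                // An empty entry (blank property, doubled comma) would match every user name
                // because String.contains("") is always true, so skip it.
                if (StringUtils.isNotEmpty(sensitive) && username.contains(sensitive)) {
                    sendJsonViaReponse(response, null, "failure");
                    return;
                }
            }
        }

        UserAuthDTO lockRecord = LockUserUtil.getlockHandle(username);
        if (!ObjectUtils.isEmpty(lockRecord) && null != lockRecord.getLoginLocked() && lockRecord.getLoginLocked().booleanValue()) {
            LoginUserUtil.eliminateUser(username);
            sendJsonViaReponse(response, lockRecord.getLoginFailureTimes().toString(), "locked");
            return;
        }

        UserAuthDTO storedUser = xtUserService.loadUserByUserName(username);
        if (ObjectUtils.isEmpty(storedUser)) {
            sendJsonViaReponse(response, null, "failure");
            return;
        }

        String candidateHash = new Md5PasswordEncoder().encodePassword(password, this.salt);
        if (hashesMatch(storedUser.getPassword(), candidateHash)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        if (ObjectUtils.isEmpty(lockRecord)) {
            // First recorded failure: start the counter.
            // NOTE(review): the record is stored under storedUser.getUsername() but looked up
            // with the submitted name; if the user lookup is case-insensitive the two keys can
            // differ and the counter would not accumulate — confirm and normalise.
            storedUser.setLoginFailureTimes(1);
            LockUserUtil.setlockHandle(storedUser.getUsername(), storedUser);
            sendJsonViaReponse(response, 1, "failure");
            return;
        }

        // NOTE(review): the incremented record is not written back with setlockHandle; this
        // only works if getlockHandle returns a live reference rather than a copy — verify.
        int failures = lockRecord.getLoginFailureTimes().intValue() + 1;
        lockRecord.setLoginFailureTimes(Integer.valueOf(failures));
        if (failures < this.loginFailureLockedTimes.intValue()) {
            sendJsonViaReponse(response, Integer.valueOf(failures), "failure");
            return;
        }

        lockRecord.setLoginLocked(true);
        lockRecord.setLockDate(new Date());
        LoginUserUtil.eliminateUser(username);
        sendJsonViaReponse(response, Integer.valueOf(failures), "locked");
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Compares two encoded password strings without short-circuiting on the first differing
     * character, and treats a missing stored hash as a mismatch instead of throwing.
     *
     * @param storedHash    hash held for the account, may be {@code null}
     * @param candidateHash hash of the submitted password, may be {@code null}
     * @return {@code true} only when both are non-null and byte-for-byte equal
     */
    private static boolean hashesMatch(String storedHash, String candidateHash) {
        if (storedHash == null || candidateHash == null) {
            return false;
        }
        return MessageDigest.isEqual(
                storedHash.getBytes(StandardCharsets.UTF_8),
                candidateHash.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Writes the filter's JSON answer to the response.
     *
     * @param httpServletResponse response to write to
     * @param obj                 failure count placed under {@code times}; omitted when empty
     * @param str                 outcome placed under {@code msg}
     */
    private void sendJsonViaReponse(HttpServletResponse httpServletResponse, Object obj, String str) {
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("application/json; charset=utf-8");
        JSONObject payload = new JSONObject();
        if (!ObjectUtils.isEmpty(obj)) {
            payload.put("times", obj);
        }
        payload.put("msg", str);
        try {
            httpServletResponse.getWriter().append(payload.toString());
        } catch (IOException e) {
            // Route through the application log instead of stderr so the failure is recorded
            // alongside the other authentication events.
            logger.error("Failed to write login response", e);
        }
    }
}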
