package com.baijia.cas.client.filter;

import com.baijia.cas.ac.dto.AccountDto;
import com.baijia.cas.ac.dto.RoleDto;
import com.baijia.cas.client.util.AccessControlContext;
import com.baijia.cas.client.util.CommonUtils;
import com.baijia.cas.client.util.JacksonUtil;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.client.util.AssertionHolder;
import org.jasig.cas.client.validation.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;

/* loaded from: input_file:com/baijia/cas/client/filter/AccessControlContextInitFilter.class */
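/**
 * Servlet filter that populates {@link AccessControlContext} for the duration of one request.
 *
 * <p>For each request it resolves the login account (session first, then the CAS assertion),
 * the data account (session only) and, when {@code configCurrentRoleAtUI} is enabled, the
 * current role selected by the {@value #CAS_CURRENT_ROLE_COOKIE_ID} cookie. The context is
 * always cleared in a {@code finally} block, so no account state is left behind once the
 * request has been handled.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The role cookie is client-controlled. It is only used to <em>select</em> one of the roles
 *       returned by {@link AccessControlContext#rolesInApp()}; a value that matches none of them
 *       is discarded and the cookie is rewritten.</li>
 *   <li>This filter expects a CAS assertion to be available when the session holds no login
 *       account. If none is present the request is rejected rather than continued without an
 *       account.</li>
 * </ul>
 */
public class AccessControlContextInitFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(AccessControlContextInitFilter.class);
    public static final String CAS_CURRENT_ROLE_COOKIE_ID = "CAS_AC_CURRENT_ROLE";
    public static final String CAS_CURRENT_LOGIN_ACCOUNT_SESSION_KEY = "CAS_AC_LOGIN_ACCOUNT";
    public static final String CAS_CURRENT_ACCOUNT_SESSION_KEY = "CAS_AC_ACCOUNT";
    private boolean configCurrentRoleAtUI = true;

    /**
     * Reads the optional {@code configCurrentRoleAtUI} init parameter; the default is {@code true}.
     *
     * @param filterConfig the filter configuration supplied by the container
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter("configCurrentRoleAtUI");
        if (StringUtils.isNotBlank(initParameter)) {
            this.configCurrentRoleAtUI = Boolean.parseBoolean(initParameter);
            logger.info("configRoleAtUIValue : {}", initParameter);
        }
    }

    /**
     * Initialises the access-control context, runs the rest of the chain, then clears the context.
     *
     * @throws IllegalStateException if no login account is cached and no CAS assertion is available
     * @throws RuntimeException if the account JSON carried by the assertion cannot be deserialised
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            AccessControlContext.init();
            AccountDto loginAccount = getLoginAccount(httpServletRequest);
            AccountDto dataAccount = getDataAccount(httpServletRequest);
            AccessControlContext.setLoginAccount(loginAccount);
            AccessControlContext.setAccount(dataAccount);
            if (this.configCurrentRoleAtUI) {
                AccessControlContext.setCurrentRole(checkAndConfigCurrentRole(httpServletRequest, httpServletResponse));
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Add login account:{} to access context.", loginAccount);
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } finally {
            // Always clear, including on exceptions, so account state cannot outlive the request.
            AccessControlContext.clear();
        }
    }

    @Override
    public void destroy() {
    }

    /** Returns the login account cached in the session, falling back to the CAS assertion. */
    private AccountDto getLoginAccount(HttpServletRequest httpServletRequest) {
        AccountDto loginAccountFromSession = getLoginAccountFromSession(httpServletRequest);
        if (loginAccountFromSession == null) {
            loginAccountFromSession = getLoginAccountFromAssertion(httpServletRequest);
        }
        return loginAccountFromSession;
    }

    /** Returns the data account stored in the session, or {@code null} if there is no session or attribute. */
    private AccountDto getDataAccount(HttpServletRequest httpServletRequest) {
        // getSession(false) returns null when no session exists; treat that as "no attribute".
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        return (AccountDto) session.getAttribute(CAS_CURRENT_ACCOUNT_SESSION_KEY);
    }

    /** Returns the login account cached in the session, or {@code null} if there is no session or attribute. */
    private AccountDto getLoginAccountFromSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        AccountDto accountDto = (AccountDto) session.getAttribute(CAS_CURRENT_LOGIN_ACCOUNT_SESSION_KEY);
        if (accountDto != null) {
            logger.debug("Get login account:{} from session", accountDto);
        }
        return accountDto;
    }

    /**
     * Builds the login account from the {@code accountJsonInfo} attribute of the CAS principal and
     * caches it in the session when one exists.
     *
     * @throws IllegalStateException if no assertion or principal is available (fail closed)
     * @throws RuntimeException if the JSON cannot be deserialised
     */
    private AccountDto getLoginAccountFromAssertion(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        Assertion assertion = AssertionHolder.getAssertion();
        if (assertion == null || assertion.getPrincipal() == null) {
            // Reject explicitly instead of failing with a NullPointerException further down.
            throw new IllegalStateException("Access control - no CAS assertion available for the current request.");
        }
        String str = (String) assertion.getPrincipal().getAttributes().get("accountJsonInfo");
        if (logger.isDebugEnabled()) {
            // NOTE(review): these lines write the full assertion and account JSON to the log;
            // confirm that debug logs are access-restricted or mask sensitive attributes.
            logger.debug("Get assertion:{}", JacksonUtil.safeObj2Str(assertion));
            logger.debug("Get accountJsonInfo:{}", str);
        }
        try {
            AccountDto accountDto = (AccountDto) JacksonUtil.str2Obj(str, AccountDto.class);
            if (session != null) {
                session.setAttribute(CAS_CURRENT_LOGIN_ACCOUNT_SESSION_KEY, accountDto);
            }
            logger.info("Get login account:{} from assertion", accountDto);
            return accountDto;
        } catch (IOException e) {
            // Keep the cause so the parse failure can be diagnosed from the stack trace.
            throw new RuntimeException("Access control - unserialize AccountDto failed.", e);
        }
    }

    /**
     * Resolves the current role from the role cookie. If the cookie is missing or does not match a
     * role from {@link #rolesInApp()}, a default role is picked and the cookie is rewritten.
     */
    private RoleDto checkAndConfigCurrentRole(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie searchCurrentRoleCookie = searchCurrentRoleCookie(httpServletRequest);
        if (logger.isDebugEnabled()) {
            if (searchCurrentRoleCookie != null) {
                // The cookie value is client-supplied; it is logged here before validation.
                logger.debug("Searched cookie name:{}, value:{} of current role", searchCurrentRoleCookie.getName(), searchCurrentRoleCookie.getValue());
            } else {
                logger.debug("Searched cookie : null of current role.");
            }
        }
        RoleDto roleDto = new RoleDto();
        if (isNotConfigRight(searchCurrentRoleCookie, roleDto)) {
            roleDto = pickOneAsCurrent();
            CommonUtils.setCurrentRoleCookie(httpServletResponse, roleDto);
            logger.info("Cookie not config right, fix cookie:{}", JacksonUtil.safeObj2Str(roleDto));
        }
        return roleDto;
    }

    /** Returns the first cookie named {@link #CAS_CURRENT_ROLE_COOKIE_ID}, or {@code null}. */
    private Cookie searchCurrentRoleCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (CAS_CURRENT_ROLE_COOKIE_ID.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Checks the role cookie against the roles from {@link #rolesInApp()}.
     *
     * @param cookie the role cookie, may be {@code null}
     * @param roleDto receives a copy of the matching role when one is found
     * @return {@code true} when the cookie is missing or matches no role; {@code false} when it
     *     matches, or when the value is blank and there are no roles at all
     */
    private boolean isNotConfigRight(Cookie cookie, RoleDto roleDto) {
        if (cookie == null) {
            return true;
        }
        String value = cookie.getValue();
        List<RoleDto> rolesInApp = rolesInApp();
        if (StringUtils.isBlank(value) && rolesInApp.isEmpty()) {
            return false;
        }
        // Reuse the list fetched above so the emptiness check and the match see the same roles.
        for (RoleDto candidate : rolesInApp) {
            if (tagMatchRole(value, candidate)) {
                copyRoleDto(candidate, roleDto);
                return false;
            }
        }
        return true;
    }

    /**
     * Tells whether a cookie value designates the given role.
     *
     * <p>When the app id is 1 the value must have the form {@code tag-openRoleUid}; otherwise it
     * must equal the role tag. The value comes from the client, so {@code null} and malformed
     * values are a non-match rather than an error.
     */
    private boolean tagMatchRole(String str, RoleDto roleDto) {
        if (str == null) {
            return false;
        }
        if (AccessControlContext.getAppId() != 1) {
            return str.equals(roleDto.getTag());
        }
        String[] split = str.split("-");
        if (split.length != 2) {
            return false;
        }
        try {
            return split[0].equals(roleDto.getTag()) && roleDto.getOpenRoleUid() == Integer.parseInt(split[1]);
        } catch (NumberFormatException e) {
            // A non-numeric uid in a client-supplied cookie must not fail the request.
            logger.debug("Role cookie carries a non-numeric role uid; treating it as no match.");
            return false;
        }
    }

    /** Returns the first role from {@link #rolesInApp()}, or an empty {@link RoleDto} if there are none. */
    private RoleDto pickOneAsCurrent() {
        List<RoleDto> rolesInApp = rolesInApp();
        RoleDto roleDto = rolesInApp.isEmpty() ? new RoleDto() : rolesInApp.get(0);
        if (logger.isDebugEnabled()) {
            logger.debug("Pick one role:{} as current for login account.", roleDto);
        }
        return roleDto;
    }

    /** Returns the roles reported by {@link AccessControlContext#rolesInApp()}. */
    private List<RoleDto> rolesInApp() {
        return AccessControlContext.rolesInApp();
    }

    /** Copies the bean properties of {@code roleDto} into {@code roleDto2}. */
    private void copyRoleDto(RoleDto roleDto, RoleDto roleDto2) {
        BeanUtils.copyProperties(roleDto, roleDto2);
    }

    /**
     * Removes the CAS assertion and both cached accounts from the session, if a session exists.
     * The session itself is not invalidated.
     *
     * @param httpServletRequest the current request
     */
    public static void clearSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.removeAttribute("_const_cas_assertion_");
            session.removeAttribute(CAS_CURRENT_LOGIN_ACCOUNT_SESSION_KEY);
            session.removeAttribute(CAS_CURRENT_ACCOUNT_SESSION_KEY);
        }
    }
}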
