package com.kuaike.cas.filter.authenticate;

import com.kuaike.cas.context.AccessControlContext;
import com.kuaike.cas.session.AuthSessionManager;
import com.kuaike.cas.session.SessionCookieManager;
import com.kuaike.cas.util.JsonUtil;
import com.kuaike.common.errorcode.CommonErrorCode;
import com.kuaike.common.utils.ApiResultUtils;
import com.kuaike.common.utils.WebCommonUtil;
import com.kuaike.common.utils.WebCommonsUtils;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.jasig.cas.client.Protocol;
import org.jasig.cas.client.authentication.AuthenticationRedirectStrategy;
import org.jasig.cas.client.authentication.ContainsPatternUrlPatternMatcherStrategy;
import org.jasig.cas.client.authentication.DefaultAuthenticationRedirectStrategy;
import org.jasig.cas.client.authentication.DefaultGatewayResolverImpl;
import org.jasig.cas.client.authentication.ExactUrlPatternMatcherStrategy;
import org.jasig.cas.client.authentication.GatewayResolver;
import org.jasig.cas.client.authentication.RegexUrlPatternMatcherStrategy;
import org.jasig.cas.client.authentication.UrlPatternMatcherStrategy;
import org.jasig.cas.client.configuration.ConfigurationKeys;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.ReflectUtils;
import org.jasig.cas.client.validation.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/kuaike/cas/filter/authenticate/ClusteredAuthenticationFilter.class */
public class ClusteredAuthenticationFilter extends AbstractCasFilter {
    private static final Logger log = LoggerFactory.getLogger(ClusteredAuthenticationFilter.class);
    private static final Map<String, Class<? extends UrlPatternMatcherStrategy>> PATTERN_MATCHER_TYPES = new HashMap();

    @Autowired
    private AuthSessionManager authSessionManager;

    @Autowired
    private SessionCookieManager sessionCookieManager;
    private String casServerLoginUrl;
    private boolean renew;
    private boolean gateway;
    private GatewayResolver gatewayStorage;
    private AuthenticationRedirectStrategy authenticationRedirectStrategy;
    private UrlPatternMatcherStrategy ignoreUrlPatternMatcherStrategyClass;

    public ClusteredAuthenticationFilter() {
        this(Protocol.CAS2);
    }

    private ClusteredAuthenticationFilter(Protocol protocol) {
        super(protocol);
        this.renew = false;
        this.gateway = false;
        this.gatewayStorage = new DefaultGatewayResolverImpl();
        this.authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy();
        this.ignoreUrlPatternMatcherStrategyClass = null;
    }

    protected void initInternal(FilterConfig filterConfig) throws ServletException {
        if (isIgnoreInitConfiguration()) {
            return;
        }
        super.initInternal(filterConfig);
        setCasServerLoginUrl(getString(ConfigurationKeys.CAS_SERVER_LOGIN_URL));
        setRenew(getBoolean(ConfigurationKeys.RENEW));
        setGateway(getBoolean(ConfigurationKeys.GATEWAY));
        String string = getString(ConfigurationKeys.IGNORE_PATTERN);
        String string2 = getString(ConfigurationKeys.IGNORE_URL_PATTERN_TYPE);
        if (string != null) {
            Class<? extends UrlPatternMatcherStrategy> cls = PATTERN_MATCHER_TYPES.get(string2);
            if (cls != null) {
                this.ignoreUrlPatternMatcherStrategyClass = (UrlPatternMatcherStrategy) ReflectUtils.newInstance(cls.getName(), new Object[0]);
            } else {
                try {
                    log.trace("Assuming {} is a qualified class name...", string2);
                    this.ignoreUrlPatternMatcherStrategyClass = (UrlPatternMatcherStrategy) ReflectUtils.newInstance(string2, new Object[0]);
                } catch (IllegalArgumentException e) {
                    log.error("Could not instantiate class [{}]", string2, e);
                }
            }
            if (this.ignoreUrlPatternMatcherStrategyClass != null) {
                this.ignoreUrlPatternMatcherStrategyClass.setPattern(string);
            }
        }
        Class cls2 = getClass(ConfigurationKeys.GATEWAY_STORAGE_CLASS);
        if (cls2 != null) {
            setGatewayStorage((GatewayResolver) ReflectUtils.newInstance(cls2, new Object[0]));
        }
        Class cls3 = getClass(ConfigurationKeys.AUTHENTICATION_REDIRECT_STRATEGY_CLASS);
        if (cls3 != null) {
            this.authenticationRedirectStrategy = (AuthenticationRedirectStrategy) ReflectUtils.newInstance(cls3, new Object[0]);
        }
    }

    public void init() {
        super.init();
        CommonUtils.assertNotNull(this.casServerLoginUrl, "casServerLoginUrl cannot be null.");
    }

    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        AccessControlContext.clearSessionCookie();
        AccessControlContext.clearUrlFreeOfAuthentication();
        AccessControlContext.clearLoginAccountName();
        AccessControlContext.clearST();
        if (isRequestUrlExcluded(httpServletRequest) || isLogined(httpServletRequest) || isInTicketValidation(httpServletRequest, httpServletResponse)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            redirectToLogin(httpServletRequest, httpServletResponse);
        }
    }

    private boolean isRequestUrlExcluded(HttpServletRequest httpServletRequest) {
        if (this.ignoreUrlPatternMatcherStrategyClass == null) {
            return false;
        }
        String requestURI = httpServletRequest.getRequestURI();
        if (requestURI.endsWith(".m")) {
            AccessControlContext.markUrlFreeOfAuthentication();
            log.info("移动端请求绕过: {}", requestURI);
            return true;
        }
        boolean matches = this.ignoreUrlPatternMatcherStrategyClass.matches(requestURI);
        if (matches) {
            AccessControlContext.markUrlFreeOfAuthentication();
            log.info("请求为登录白名单：{}", requestURI);
        }
        return matches;
    }

    private boolean isLogined(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        String str = this.sessionCookieManager.get(httpServletRequest);
        if (!StringUtils.isNotBlank(str)) {
            return false;
        }
        Assertion assertion = session != null ? (Assertion) session.getAttribute("_const_cas_assertion_") : null;
        if (assertion != null) {
            log.info("从session获取Assertion成功，sessionCookie为：{}", str);
        } else {
            log.info("从session获取Assertion失败，尝试从共享存储获取，sessionCookie为：{}", str);
            assertion = this.authSessionManager.getAssertionBySessionCookie(str);
            if (assertion != null) {
                httpServletRequest.setAttribute("_const_cas_assertion_", assertion);
                log.info("从共享存储获取Assertion成功，sessionCookie为：{}", str);
            } else {
                log.info("从共享存储获取Assertion失败，sessionCookie为：{}", str);
            }
        }
        if (assertion == null) {
            return false;
        }
        AccessControlContext.setLoginAccountName(assertion.getPrincipal().getName());
        AccessControlContext.setSessionCookie(str);
        AccessControlContext.setST(this.authSessionManager.getTicketBySessionCookie(str));
        return true;
    }

    private boolean isInTicketValidation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return CommonUtils.isNotBlank(retrieveTicketFromRequest(httpServletRequest)) || (this.gateway && this.gatewayStorage.hasGatewayedAlready(httpServletRequest, constructServiceUrl(httpServletRequest, httpServletResponse)));
    }

    private void redirectToLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String str;
        String constructServiceUrl = constructServiceUrl(httpServletRequest, httpServletResponse);
        log.debug("请求中并没发现Assertion和ticket");
        if (this.gateway) {
            log.debug("setting gateway attribute in session");
            str = this.gatewayStorage.storeGatewayInformation(httpServletRequest, constructServiceUrl);
        } else {
            str = constructServiceUrl;
        }
        log.debug("开始拼接cas登录跳转地址: {}", str);
        if (WebCommonsUtils.isAjaxRequest(httpServletRequest)) {
            WebCommonUtil.returnMessage(httpServletResponse, JsonUtil.toJsonString(ApiResultUtils.buildApiResult(CommonErrorCode.NO_LOGIN, "用户未登录", Collections.singletonMap("redirectUrl", CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getProtocol().getServiceParameterName(), "", this.renew, this.gateway)))));
        } else {
            String constructRedirectUrl = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getProtocol().getServiceParameterName(), str, this.renew, this.gateway);
            log.debug("开始跳转至cas登录地址 \"{}\"", constructRedirectUrl);
            this.authenticationRedirectStrategy.redirect(httpServletRequest, httpServletResponse, constructRedirectUrl);
        }
    }

    private void setRenew(boolean z) {
        this.renew = z;
    }

    private void setGateway(boolean z) {
        this.gateway = z;
    }

    private void setCasServerLoginUrl(String str) {
        this.casServerLoginUrl = str;
    }

    private void setGatewayStorage(GatewayResolver gatewayResolver) {
        this.gatewayStorage = gatewayResolver;
    }

    static {
        PATTERN_MATCHER_TYPES.put("CONTAINS", ContainsPatternUrlPatternMatcherStrategy.class);
        PATTERN_MATCHER_TYPES.put("REGEX", RegexUrlPatternMatcherStrategy.class);
        PATTERN_MATCHER_TYPES.put("EXACT", ExactUrlPatternMatcherStrategy.class);
    }
}
