package com.baijia.cas.client.filter;

import com.baijia.cas.client.ac.AccessControlImpl;
import com.baijia.cas.client.dto.AccountDto;
import com.baijia.cas.client.dto.RoleDto;
import com.baijia.cas.client.util.AccessControlContext;
import com.baijia.cas.client.util.JacksonUtil;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.client.util.AssertionHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/baijia/cas/client/filter/AccessControlContextInitFilter.class */
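/**
 * Servlet filter that populates the per-request {@link AccessControlContext} with the
 * authenticated account and, optionally, the role the user is currently acting as.
 *
 * <p>The account is read from the HTTP session when present, otherwise from the
 * {@code accountJsonInfo} attribute of the CAS assertion's principal. The current role is
 * selected by the {@code CAS_AC_CURRENT_ROLE} cookie. That cookie is client-controlled, so its
 * value is only honoured when it equals the tag of a role returned by
 * {@link AccessControlImpl#rolesInApp()}; any other value is replaced.
 *
 * <p>The context is always cleared in a {@code finally} block so that state cannot leak to the
 * next request served by the same thread.
 */
public class AccessControlContextInitFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(AccessControlContextInitFilter.class);
    // Cookie that carries the tag of the role the user has selected.
    private static final String CAS_CURRENT_ROLE_COOKIE_ID = "CAS_AC_CURRENT_ROLE";
    // Session attribute under which an already-resolved AccountDto may be stored.
    private static final String CAS_CURRENT_ACCOUNT_SESSION_KEY = "CAS_AC_ACCOUNT";
    private final AccessControlImpl accessControl = AccessControlImpl.getInstance();
    // When true (the default) the filter resolves the current role from the cookie.
    private boolean configCurrentRoleAtUI = true;

    /**
     * Reads the optional {@code configCurrentRoleAtUI} init parameter.
     *
     * <p>The value is parsed with {@link Boolean#parseBoolean(String)}, so any non-blank value
     * other than "true" (case-insensitive) disables cookie-based role selection.
     *
     * @param filterConfig filter configuration supplied by the container
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter("configCurrentRoleAtUI");
        if (StringUtils.isNotBlank(initParameter)) {
            this.configCurrentRoleAtUI = Boolean.parseBoolean(initParameter);
            logger.info("configRoleAtUIValue : {}", initParameter);
        }
    }

    /**
     * Initialises the access-control context for this request, runs the rest of the chain and
     * clears the context afterwards, whether or not the chain throws.
     *
     * <p>The request and response are cast to their HTTP variants without a type check.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            AccessControlContext.init();
            AccountDto account = getAccount((HttpServletRequest) servletRequest);
            AccessControlContext.setAccount(account);
            if (logger.isDebugEnabled()) {
                logger.debug("Add account:{} to access context.", account);
            }
            if (this.configCurrentRoleAtUI) {
                checkAndConfigCurrentRole((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse);
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } finally {
            AccessControlContext.clear();
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Resolves the account of the authenticated user.
     *
     * @param httpServletRequest the current request
     * @return the account stored in the session, or the one deserialized from the CAS assertion
     * @throws IllegalStateException if there is no CAS assertion for the current thread
     * @throws RuntimeException if the {@code accountJsonInfo} attribute cannot be deserialized
     */
    private AccountDto getAccount(HttpServletRequest httpServletRequest) {
        // getSession(false) returns null when the request has no session; fall back to the
        // assertion instead of failing with a NullPointerException.
        if (httpServletRequest.getSession(false) != null) {
            AccountDto cached = (AccountDto) httpServletRequest.getSession(false).getAttribute(CAS_CURRENT_ACCOUNT_SESSION_KEY);
            if (cached != null) {
                return cached;
            }
        }
        if (AssertionHolder.getAssertion() == null) {
            throw new IllegalStateException("Access control - no CAS assertion available for the current request.");
        }
        String accountJson = (String) AssertionHolder.getAssertion().getPrincipal().getAttributes().get("accountJsonInfo");
        // NOTE(review): this writes the complete account JSON to the debug log; confirm that is
        // acceptable for the deployment's log retention and access policy.
        if (logger.isDebugEnabled()) {
            logger.debug("Get accountJsonInfo:{}", accountJson);
        }
        try {
            return (AccountDto) JacksonUtil.str2Obj(accountJson, AccountDto.class);
        } catch (IOException e) {
            // Keep the cause so the parse failure can be diagnosed from the stack trace.
            throw new RuntimeException("Access control - unserialize AccountDto failed.", e);
        }
    }

    /**
     * Determines the current role from the role cookie and publishes it to the context.
     *
     * <p>If the cookie names one of the roles from {@link #rolesInApp()}, that role becomes the
     * current role. If the cookie is missing or names no such role, the first role in the list
     * (or an empty {@link RoleDto} when the list is empty) is used and the cookie is rewritten
     * to match. A blank cookie value together with an empty role list is accepted as is.
     *
     * <p>Previously a valid cookie left the context holding an empty {@code RoleDto}, because
     * the matched role was never handed back to this method.
     */
    private void checkAndConfigCurrentRole(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie roleCookie = searchCurrentRoleCookie(httpServletRequest);
        logger.debug("Search cookie of current role,result:{}", roleCookie);
        List<RoleDto> roles = rolesInApp();
        RoleDto currentRole;
        if (roleCookie != null && StringUtils.isBlank(roleCookie.getValue()) && roles.isEmpty()) {
            // No roles to choose from and nothing selected: the cookie is already consistent.
            currentRole = new RoleDto();
        } else {
            // The cookie value is untrusted input; it is only used to look up a role in the
            // list obtained from accessControl, never taken as a role by itself.
            currentRole = roleCookie == null ? null : findRoleByTag(roles, roleCookie.getValue());
            if (currentRole == null) {
                currentRole = roles.isEmpty() ? new RoleDto() : roles.get(0);
                Cookie cookie = new Cookie(CAS_CURRENT_ROLE_COOKIE_ID, currentRole.getTag());
                cookie.setPath("/");
                // NOTE(review): the cookie is issued without the HttpOnly or Secure attributes.
                // Consider setting them if the Servlet API version and transport in use allow it.
                logger.debug("Cookie not config right, fix cookie with [name={},value={}]", cookie.getName(), cookie.getValue());
                httpServletResponse.addCookie(cookie);
            }
        }
        AccessControlContext.setCurrentRole(currentRole);
        logger.debug("Set current role:{} to access context.", currentRole);
    }

    /**
     * Finds the current-role cookie on the request.
     *
     * @return the first cookie named {@code CAS_AC_CURRENT_ROLE}, or {@code null} if none is sent
     */
    private Cookie searchCurrentRoleCookie(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (CAS_CURRENT_ROLE_COOKIE_ID.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Looks up the role whose tag equals the given value.
     *
     * @param roles candidate roles
     * @param tag tag taken from the cookie; may be {@code null} or blank
     * @return the matching role, or {@code null} when no role carries that tag
     */
    private RoleDto findRoleByTag(List<RoleDto> roles, String tag) {
        for (RoleDto role : roles) {
            String roleTag = role.getTag();
            // Roles without a tag never match, instead of failing on a null tag.
            if (roleTag != null && roleTag.equals(tag)) {
                return role;
            }
        }
        return null;
    }

    /**
     * Returns the roles supplied by {@link AccessControlImpl#rolesInApp()}.
     * Presumably these are the roles the authenticated account holds in this application;
     * confirm against AccessControlImpl.
     */
    private List<RoleDto> rolesInApp() {
        return this.accessControl.rolesInApp();
    }
}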
