package com.reps.sso.client.filter;

import com.reps.sso.client.ConfigConstants;
import com.reps.sso.client.authentication.AuthenticationRedirectStrategy;
import com.reps.sso.client.authentication.DefaultAuthenticationRedirectStrategy;
import com.reps.sso.client.session.RepsSingleSignOutHandler;
import com.reps.sso.client.validation.ClientServiceTicketValidator;
import com.reps.sso.client.validation.RepsAbstractTicketValidationFilter;
import java.io.IOException;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jasig.cas.client.proxy.AbstractEncryptedProxyGrantingTicketStorageImpl;
import org.jasig.cas.client.proxy.Cas20ProxyRetriever;
import org.jasig.cas.client.proxy.CleanUpTimerTask;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl;
import org.jasig.cas.client.ssl.HttpsURLConnectionFactory;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.ReflectUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.TicketValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/reps/sso/client/filter/AbstractClientSSOFilter.class */
public abstract class AbstractClientSSOFilter extends RepsAbstractTicketValidationFilter {
    private String serverUrlPrefix;
    private String clientUri;
    private String logoutUri;
    private static final int DEFAULT_MILLIS_BETWEEN_CLEANUPS = 60000;
    private Timer timer;
    private TimerTask timerTask;
    private int millisBetweenCleanUps;
    private static final RepsSingleSignOutHandler HANDLER = new RepsSingleSignOutHandler();
    private static final String[] RESERVED_INIT_PARAMS = {"proxyGrantingTicketStorageClass", "proxyReceptorUrl", "acceptAnyProxy", "allowedProxyChains", "casServerUrlPrefix", "proxyCallbackUrl", "renew", "exceptionOnValidationFailure", "redirectAfterValidation", "useSession", "serverName", "service", "artifactParameterName", "serviceParameterName", "encodeServiceUrl", "millisBetweenCleanUps", "hostnameVerifier", "encoding", "config", "ticketValidatorClass"};
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private AtomicBoolean handlerInitialized = new AtomicBoolean(false);
    private AuthenticationRedirectStrategy authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy();
    private ProxyGrantingTicketStorage proxyGrantingTicketStorage = new ProxyGrantingTicketStorageImpl();

    public abstract void loginUserInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map<String, Object> map);

    public abstract void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse);

    @Override // com.reps.sso.client.validation.RepsAbstractTicketValidationFilter
    protected void onSuccessfulValidation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Assertion assertion) {
        if (assertion == null || assertion.getPrincipal() == null) {
            return;
        }
        loginUserInfo(httpServletRequest, httpServletResponse, new HashMap(assertion.getPrincipal().getAttributes()));
    }

    @Override // com.reps.sso.client.validation.RepsAbstractTicketValidationFilter
    protected boolean onFailedValidation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Integer num = (Integer) httpServletRequest.getSession().getAttribute("Failed_Validation_Count");
        Integer valueOf = Integer.valueOf(num == null ? 1 : Integer.valueOf(num.intValue() + 1).intValue());
        if (valueOf.intValue() > 3) {
            httpServletRequest.getSession().removeAttribute("Failed_Validation_Count");
            return true;
        }
        httpServletRequest.getSession().setAttribute("Failed_Validation_Count", valueOf);
        String constructServiceUrl = constructServiceUrl(httpServletRequest, httpServletResponse);
        try {
            this.logger.debug("票据验证失败，将要进行第 {} 次重试", valueOf);
            this.authenticationRedirectStrategy.redirect(httpServletRequest, httpServletResponse, constructServiceUrl);
            return false;
        } catch (IOException e) {
            return true;
        }
    }

    private <T> T createNewTicketValidator(String str, String str2, Class<T> cls) {
        return CommonUtils.isBlank(str) ? (T) ReflectUtils.newInstance(cls, new Object[]{str2}) : (T) ReflectUtils.newInstance(str, new Object[]{str2});
    }

    @Override // com.reps.sso.client.validation.RepsAbstractTicketValidationFilter
    protected final TicketValidator getTicketValidator(FilterConfig filterConfig) {
        FilterConfig filterConfig2 = getFilterConfig(filterConfig);
        String propertyFromInitParams = getPropertyFromInitParams(filterConfig2, "ticketValidatorUrlPrefix", null);
        String propertyFromInitParams2 = CommonUtils.isNotBlank(propertyFromInitParams) ? propertyFromInitParams : getPropertyFromInitParams(filterConfig2, "casServerUrlPrefix", null);
        ClientServiceTicketValidator clientServiceTicketValidator = (ClientServiceTicketValidator) createNewTicketValidator(getPropertyFromInitParams(filterConfig2, "ticketValidatorClass", null), propertyFromInitParams2, ClientServiceTicketValidator.class);
        clientServiceTicketValidator.setProxyCallbackUrl(getPropertyFromInitParams(filterConfig2, "proxyCallbackUrl", null));
        clientServiceTicketValidator.setProxyGrantingTicketStorage(this.proxyGrantingTicketStorage);
        HttpsURLConnectionFactory httpsURLConnectionFactory = new HttpsURLConnectionFactory(getHostnameVerifier(filterConfig2), getSSLConfig(filterConfig2));
        clientServiceTicketValidator.setURLConnectionFactory(httpsURLConnectionFactory);
        clientServiceTicketValidator.setProxyRetriever(new Cas20ProxyRetriever(propertyFromInitParams2, getPropertyFromInitParams(filterConfig2, "encoding", null), httpsURLConnectionFactory));
        clientServiceTicketValidator.setRenew(parseBoolean(getPropertyFromInitParams(filterConfig2, "renew", "false")));
        clientServiceTicketValidator.setEncoding(getPropertyFromInitParams(filterConfig2, "encoding", null));
        HashMap hashMap = new HashMap();
        List asList = Arrays.asList(RESERVED_INIT_PARAMS);
        Enumeration initParameterNames = filterConfig2.getInitParameterNames();
        while (initParameterNames.hasMoreElements()) {
            String str = (String) initParameterNames.nextElement();
            if (!asList.contains(str)) {
                hashMap.put(str, filterConfig2.getInitParameter(str));
            }
        }
        clientServiceTicketValidator.setCustomParameters(hashMap);
        return clientServiceTicketValidator;
    }

    public void destroy() {
        super.destroy();
        this.timer.cancel();
        HANDLER.destroy();
    }

    public void setProxyGrantingTicketStorage(ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
        this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
    }

    public void setTimer(Timer timer) {
        this.timer = timer;
    }

    public void setTimerTask(TimerTask timerTask) {
        this.timerTask = timerTask;
    }

    public void setMillisBetweenCleanUps(int i) {
        this.millisBetweenCleanUps = i;
    }

    @Override // com.reps.sso.client.validation.RepsAbstractTicketValidationFilter
    protected final boolean preFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!this.handlerInitialized.getAndSet(true)) {
            HANDLER.init();
        }
        if (!HANDLER.process(httpServletRequest, httpServletResponse)) {
            logout(httpServletRequest, httpServletResponse);
            return false;
        }
        String constructServiceUrl = constructServiceUrl(httpServletRequest, httpServletResponse);
        if (CommonUtils.isNotBlank(this.logoutUri) && isLogoutRequest(this.logoutUri, httpServletRequest)) {
            httpServletRequest.getSession().removeAttribute("_const_cas_assertion_");
            StringBuilder sb = new StringBuilder();
            sb.append(this.serverUrlPrefix);
            if (!this.serverUrlPrefix.endsWith("/")) {
                sb.append("/");
            }
            sb.append("logout");
            logout(httpServletRequest, httpServletResponse);
            this.authenticationRedirectStrategy.redirect(httpServletRequest, httpServletResponse, CommonUtils.constructRedirectUrl(sb.toString(), getServiceParameterName(), CommonUtils.isNotBlank(httpServletRequest.getParameter("service")) ? httpServletRequest.getParameter("service") : constructServiceUrl.replace(this.logoutUri, ""), false, false));
            return false;
        }
        HttpSession session = httpServletRequest.getSession(false);
        if ((session != null ? (Assertion) session.getAttribute("_const_cas_assertion_") : null) != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return false;
        }
        if (CommonUtils.isNotBlank(retrieveTicketFromRequest(httpServletRequest))) {
            return true;
        }
        StringBuilder sb2 = new StringBuilder();
        sb2.append(this.serverUrlPrefix);
        if (!this.serverUrlPrefix.endsWith("/")) {
            sb2.append("/");
        }
        sb2.append("login");
        String constructRedirectUrl = CommonUtils.constructRedirectUrl(sb2.toString(), getServiceParameterName(), constructServiceUrl, false, false);
        this.logger.debug("redirecting to \"{}\"", constructRedirectUrl);
        this.authenticationRedirectStrategy.redirect(httpServletRequest, httpServletResponse, constructRedirectUrl);
        return false;
    }

    private boolean isLogoutRequest(String str, HttpServletRequest httpServletRequest) {
        return (httpServletRequest.getContextPath().equals("/") ? httpServletRequest.getRequestURI() : httpServletRequest.getRequestURI().replaceAll(httpServletRequest.getContextPath(), "")).equals(str);
    }

    private FilterConfig getFilterConfig(FilterConfig filterConfig) {
        ClientFilterConfig clientFilterConfig = new ClientFilterConfig(filterConfig);
        this.serverUrlPrefix = getPropertyFromInitParams(filterConfig, "serverUrlPrefix", null);
        this.clientUri = getPropertyFromInitParams(filterConfig, "clientUri", null);
        this.logoutUri = getPropertyFromInitParams(filterConfig, "logoutUri", null);
        clientFilterConfig.setInitParameter("casServerUrlPrefix", this.serverUrlPrefix);
        clientFilterConfig.setInitParameter("serverName", this.clientUri);
        clientFilterConfig.setInitParameter("encoding", getPropertyFromInitParams(filterConfig, "encoding", "UTF-8"));
        return clientFilterConfig;
    }

    @Override // com.reps.sso.client.validation.RepsAbstractTicketValidationFilter
    protected void initInternal(FilterConfig filterConfig) throws ServletException {
        FilterConfig filterConfig2 = getFilterConfig(filterConfig);
        ConfigConstants.serverUrlPrefix = this.serverUrlPrefix;
        ConfigConstants.clientUri = this.clientUri;
        String propertyFromInitParams = getPropertyFromInitParams(filterConfig2, "clusterNodeUrls", null);
        if (CommonUtils.isNotBlank(propertyFromInitParams)) {
            try {
                HANDLER.setClusterUrls(Arrays.asList(propertyFromInitParams.split(",")));
            } catch (Exception e) {
                throw new ServletException("设置集群节点地址失败，请检查web.xml中[clusterNodeUrls]的配置，多个请用英文的[,]分隔。");
            }
        }
        String propertyFromInitParams2 = getPropertyFromInitParams(filterConfig2, "proxyGrantingTicketStorageClass", null);
        if (propertyFromInitParams2 != null) {
            this.proxyGrantingTicketStorage = (ProxyGrantingTicketStorage) ReflectUtils.newInstance(propertyFromInitParams2, new Object[0]);
            if (this.proxyGrantingTicketStorage instanceof AbstractEncryptedProxyGrantingTicketStorageImpl) {
                AbstractEncryptedProxyGrantingTicketStorageImpl abstractEncryptedProxyGrantingTicketStorageImpl = this.proxyGrantingTicketStorage;
                String propertyFromInitParams3 = getPropertyFromInitParams(filterConfig2, "cipherAlgorithm", "DESede");
                String propertyFromInitParams4 = getPropertyFromInitParams(filterConfig2, "secretKey", null);
                abstractEncryptedProxyGrantingTicketStorageImpl.setCipherAlgorithm(propertyFromInitParams3);
                if (propertyFromInitParams4 != null) {
                    try {
                        abstractEncryptedProxyGrantingTicketStorageImpl.setSecretKey(propertyFromInitParams4);
                    } catch (Exception e2) {
                        throw new RuntimeException(e2);
                    }
                }
            }
        }
        this.millisBetweenCleanUps = Integer.parseInt(getPropertyFromInitParams(filterConfig2, "millisBetweenCleanUps", Integer.toString(DEFAULT_MILLIS_BETWEEN_CLEANUPS)));
        super.initInternal(filterConfig2);
    }

    @Override // com.reps.sso.client.validation.RepsAbstractTicketValidationFilter
    public void init() {
        super.setServerName(this.clientUri);
        super.init();
        CommonUtils.assertNotNull(this.proxyGrantingTicketStorage, "proxyGrantingTicketStorage cannot be null.");
        if (this.timer == null) {
            this.timer = new Timer(true);
        }
        if (this.timerTask == null) {
            this.timerTask = new CleanUpTimerTask(this.proxyGrantingTicketStorage);
        }
        this.timer.schedule(this.timerTask, this.millisBetweenCleanUps, this.millisBetweenCleanUps);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static RepsSingleSignOutHandler getSingleSignOutHandler() {
        return HANDLER;
    }

    public void setAuthenticationRedirectStrategy(AuthenticationRedirectStrategy authenticationRedirectStrategy) {
        this.authenticationRedirectStrategy = authenticationRedirectStrategy;
    }
}
