package cn.com.jit.assp.ias.sp.saml11;

import cn.com.jit.assp.ias.constant.Constants;
import cn.com.jit.assp.ias.constant.Errors;
import cn.com.jit.assp.ias.http.HttpServerStatusChecker;
import cn.com.jit.assp.ias.principal.UserPrincipal;
import cn.com.jit.assp.ias.saml.saml11.SAMLMessage;
import cn.com.jit.assp.ias.saml.saml11.SAMLUtils;
import cn.com.jit.assp.ias.saml.saml11.SAMLValidityChecker;
import cn.com.jit.assp.ias.sp.saml11.compatible.PrincipalSetterFactory;
import cn.com.jit.assp.ias.sp.saml11.config.AgentConfigException;
import cn.com.jit.assp.ias.sp.saml11.config.Configuration;
import cn.com.jit.assp.ias.sp.saml11.config.XMLConfiguration;
import cn.com.jit.assp.ias.sp.saml11.config.util.GatewayList;
import cn.com.jit.assp.ias.sp.saml11.config.util.GatewayTimerTask;
import cn.com.jit.cinas.commons.i18n.TextBundle;
import cn.com.jit.cinas.commons.jaxp.DocumentBuilderConfigurator;
import cn.com.jit.cinas.commons.jaxp.DocumentBuilderFactoryConfigurator;
import cn.com.jit.cinas.commons.jaxp.DocumentBuilderPool;
import cn.com.jit.cinas.commons.jaxp.JAXPException;
import cn.com.jit.cinas.commons.session.Session;
import cn.com.jit.cinas.commons.session.SessionManagementException;
import cn.com.jit.cinas.commons.util.IoUtils;
import cn.com.jit.cinas.commons.util.RequestUtils;
import java.io.IOException;
import java.io.InputStream;
import java.util.Date;
import java.util.Timer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.xml.sax.SAXException;

/* loaded from: input_file:cn/com/jit/assp/ias/sp/saml11/AccessController.class */
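/**
 * Servlet filter that gates requests behind a SAML 1.1 artifact-based SSO session.
 *
 * <p>For each request the filter decides, in this order: pass it through because the URI is on
 * the configured "not authenticate" list, pass it through because a valid SSO session exists,
 * pass it through in offline mode, hand a {@code SAMLArt} artifact to the
 * {@link ArtifactProcessor}, or redirect the client to the gateway login URL.
 *
 * <p>Security-relevant configuration, all read from the agent configuration file:
 * <ul>
 *   <li>the "not authenticate" prefixes bypass every check in this filter;</li>
 *   <li>the offline access strategy {@code "Permit"} lets requests through without an SSO
 *       session whenever no gateway is usable (fail-open).</li>
 * </ul>
 */
public class AccessController implements Filter {
    private static final Log logger = LogFactory.getLog(AccessController.class);
    protected static final TextBundle bundle = TextBundle.getInstance(Constants.ERROR_PROPERTIES);
    private ArtifactProcessor artifactProcessor;
    private PrincipalSetter principalSetter;
    private Configuration config;
    private HttpServerStatusChecker checker;
    // Timer driving the gateway availability task; kept so destroy() can stop its thread.
    private Timer gatewayTimer;

    /**
     * Stops the gateway polling timer started by {@link #init(FilterConfig)}, if any.
     * Without this the timer thread outlives the filter when the web application is undeployed.
     */
    public void destroy() {
        if (this.gatewayTimer != null) {
            this.gatewayTimer.cancel();
            this.gatewayTimer = null;
        }
    }

    /**
     * Applies the access decision described on the class to one request.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remainder of the chain, invoked only when access is granted
     * @throws IOException      if a redirect or a downstream filter fails
     * @throws ServletException if a forward or a downstream filter fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // 1. Configured exemptions skip authentication entirely.
        if (checkExcept(httpServletRequest)) {
            logger.debug("request a except url , do not authenticate");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // 2. A valid SSO session exists.
        if (checkSession(httpServletRequest)) {
            if (checkArtifact(httpServletRequest)) {
                // Already authenticated: redirect so the artifact parameter does not stay in the URL.
                logger.debug("clean artifact");
                httpServletResponse.sendRedirect(SAMLUtils.getClearRequestUrl(httpServletRequest));
            } else if (SPUtil.getUserPrincipal(httpServletRequest) == null) {
                // Session is valid but carries no principal: treat it as unusable and log out.
                logout(httpServletRequest, httpServletResponse);
            } else {
                logger.debug("check sso session successful");
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
            return;
        }

        // 3. Offline handling: no gateway is currently usable.
        if (isEnableOffline()) {
            logger.debug("process OffLineStrategy");
            if (this.config.getGatewayList().getUsedGateway() == null) {
                logger.debug("Set offline flag");
                if (!isPermitted()) {
                    gotoErrorPage(httpServletRequest, httpServletResponse, Errors.MESSAGE_CODE_1300D0B4, "OffLineStrategy", "");
                    return;
                }
                // Fail-open path: with the "Permit" strategy the request continues WITHOUT an
                // authenticated session; only the offline flag marks it. Downstream code that
                // makes authorization decisions must check that flag.
                setOffLineFlag(httpServletRequest);
                if (checkArtifact(httpServletRequest)) {
                    httpServletResponse.sendRedirect(SAMLUtils.getClearRequestUrl(httpServletRequest));
                } else {
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                }
                return;
            }
            logger.debug("Clear offline flag");
            clearOffLineFlag(httpServletRequest);
        }

        // 4. No session: either consume the artifact or start a login.
        if (checkArtifact(httpServletRequest)) {
            logger.debug("process saml artifact");
            // The chain is not invoked here; presumably the processor writes the response
            // itself (e.g. a redirect) — verify against ArtifactProcessor.
            this.artifactProcessor.handle(httpServletRequest, httpServletResponse);
        } else {
            logger.debug("sso session not found , redirect to login");
            gotoLogin(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Expires the SP token cookie and redirects the client to the gateway logout service.
     *
     * @param httpServletRequest  the current request; its URL becomes the post-logout target
     * @param httpServletResponse the response that receives the expired cookie and the redirect
     * @throws IOException if the redirect cannot be sent
     */
    public final void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // getCookies() returns null, not an empty array, when the request carries no cookies.
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals(SPConst.KEY_SP_TOKEN_NAME)) {
                    cookie.setMaxAge(0);
                    cookie.setPath("/");
                    httpServletResponse.addCookie(cookie);
                }
            }
        }
        // NOTE(review): getUsedGateway() returns null when no gateway is usable (doFilter tests
        // for exactly that), which would raise a NullPointerException here. The gateway port
        // (4443) and service path are also hard-coded rather than taken from configuration.
        String buildUrlWithTargetAndArtifact = SAMLUtils.buildUrlWithTargetAndArtifact("https://" + getGatewayIp(this.config.getGatewayList().getUsedGateway().getAvailableTesting()) + ":4443/saml11/LoginService?method=logout", httpServletRequest.getRequestURL().toString(), (String) null);
        logger.info(" logout url " + buildUrlWithTargetAndArtifact);
        httpServletResponse.sendRedirect(buildUrlWithTargetAndArtifact);
    }

    /**
     * Extracts the host part from a URL-like string by taking the text between the first and
     * second {@code ':'} and dropping its first two characters.
     *
     * <p>Assumes the input looks like {@code scheme://host:port/...}; an input without a
     * {@code ':'} or with a shorter second segment throws an unchecked exception — TODO confirm
     * the format produced by {@code getAvailableTesting()}.
     *
     * @param str the URL-like string
     * @return the extracted host
     */
    private String getGatewayIp(String str) {
        return str.split(":")[1].substring(2);
    }

    /**
     * Tells whether the request URI starts with one of the configured "not authenticate" entries.
     *
     * <p>Security notes for whoever maintains that list:
     * <ul>
     *   <li>The match is a plain string prefix on the lower-cased URI, so an entry such as
     *       {@code /pub} also exempts {@code /public-admin}; end entries with {@code /} or use
     *       full paths.</li>
     *   <li>Entries are compared as configured, so they must be written in lower case to match.</li>
     *   <li>An empty entry matches every URI and disables authentication altogether.</li>
     *   <li>Whether the URI is normalized ({@code ..} segments, {@code ;} path parameters,
     *       encoded characters) before matching depends on {@code RequestUtils.getRequestURI}
     *       — verify, since an un-normalized URI can match an exempt prefix and still resolve
     *       to a protected resource.</li>
     * </ul>
     *
     * @param httpServletRequest the current request
     * @return {@code true} if the request is exempt from authentication
     */
    private final boolean checkExcept(HttpServletRequest httpServletRequest) {
        String[] notAuthenticate = this.config.getJ2EEAgentSet().getNotAuthenticate();
        if (notAuthenticate == null || notAuthenticate.length == 0) {
            return false;
        }
        String lowerCase = RequestUtils.getRequestURI(httpServletRequest).toLowerCase();
        if (logger.isDebugEnabled()) {
            logger.debug("client request uri : " + lowerCase);
        }
        for (String str : notAuthenticate) {
            if (lowerCase.startsWith(str)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("match : " + str);
                }
                return true;
            }
        }
        return false;
    }

    /**
     * Validates the SSO session referenced by the request.
     *
     * <p>The session must exist in the session manager and the current time must satisfy the
     * stored {@code _saml_not_before} / {@code _saml_not_on_or_after} bounds; a session outside
     * those bounds is invalidated. Unless session scope is used, the stored principal is also
     * attached to the request.
     *
     * @param httpServletRequest the current request
     * @return {@code true} if a valid session was found; {@code false} otherwise, including
     *         when the session manager fails (fail-closed)
     */
    private final boolean checkSession(HttpServletRequest httpServletRequest) {
        String sessionId = SPUtil.getSessionId(httpServletRequest);
        if (sessionId == null || sessionId.trim().equals("")) {
            return false;
        }
        try {
            Session session = this.config.getSessionManager().getSession(sessionId);
            if (session == null) {
                return false;
            }
            Date notBefore = (Date) session.getAttribute("_saml_not_before");
            Date notOnOrAfter = (Date) session.getAttribute("_saml_not_on_or_after");
            if (!SAMLValidityChecker.checkValidity(notBefore, notOnOrAfter)) {
                session.invalidate();
                return false;
            }
            if (!this.config.isUseSessionScope()) {
                this.principalSetter.setUserPrincipal(httpServletRequest, (UserPrincipal) session.getAttribute(SPConst.KEY_SP_ATTR_USER_PRINCIPAL));
            }
            return true;
        } catch (SessionManagementException e) {
            logger.error("SessionManagerException ! ", e);
            return false;
        }
    }

    /**
     * @param httpServletRequest the current request
     * @return {@code true} if the request carries a {@code SAMLArt} parameter
     */
    private final boolean checkArtifact(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("SAMLArt") != null;
    }

    /** @return {@code true} if the offline strategy is enabled in the agent configuration */
    private boolean isEnableOffline() {
        return this.config.getAgentSet().getOffLine().isEnable();
    }

    /**
     * Removes the offline marker from the HTTP session or from the request, depending on the
     * configured scope.
     *
     * @param httpServletRequest the current request
     */
    private void clearOffLineFlag(HttpServletRequest httpServletRequest) {
        if (this.config.isUseSessionScope()) {
            httpServletRequest.getSession().removeAttribute(SPConst.KEY_SP_OFFLINE_USERSCOPE_NAME);
        } else {
            httpServletRequest.removeAttribute(SPConst.KEY_SP_OFFLINE_USERSCOPE_NAME);
        }
    }

    /**
     * @return {@code true} if the offline access strategy is exactly {@code "Permit"}; any other
     *         value, including {@code null}, denies access while offline
     */
    private boolean isPermitted() {
        return "Permit".equals(this.config.getAgentSet().getOffLine().getAccessStrategy());
    }

    /**
     * Stores the offline marker in the HTTP session or on the request, depending on the
     * configured scope.
     *
     * @param httpServletRequest the current request
     */
    private void setOffLineFlag(HttpServletRequest httpServletRequest) {
        if (this.config.isUseSessionScope()) {
            httpServletRequest.getSession().setAttribute(SPConst.KEY_SP_OFFLINE_USERSCOPE_NAME, SPConst.KEY_SP_OFFLINE_USERSCOPE_VALUE);
        } else {
            httpServletRequest.setAttribute(SPConst.KEY_SP_OFFLINE_USERSCOPE_NAME, SPConst.KEY_SP_OFFLINE_USERSCOPE_VALUE);
        }
    }

    /**
     * Publishes an error description on the request and forwards to the configured error page.
     *
     * @param httpServletRequest  the current request; receives the {@code _saml_action_error} attribute
     * @param httpServletResponse the current response
     * @param str  the error code, also used as the key for the localized message
     * @param str2 the location reported with the error
     * @param str3 the detail text reported with the error
     * @throws ServletException if the forward fails
     * @throws IOException      if the forward fails
     */
    private final void gotoErrorPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3) throws ServletException, IOException {
        SAMLMessage sAMLMessage = new SAMLMessage();
        sAMLMessage.setCode(str);
        sAMLMessage.setMessage(bundle.getText(str));
        sAMLMessage.setLocation(str2);
        sAMLMessage.setDetail(str3);
        httpServletRequest.setAttribute("_saml_action_error", sAMLMessage);
        String errorPage = this.config.getJ2EEAgentSet().getErrorPage();
        if (logger.isDebugEnabled()) {
            logger.debug("forward to error page : " + errorPage);
        }
        RequestUtils.getRequestDispatcher(httpServletRequest, errorPage).forward(httpServletRequest, httpServletResponse);
    }

    /**
     * Drops any stored user information and redirects the client to the gateway login URL,
     * passing the current request URL as the return target.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @throws IOException      if the redirect cannot be sent
     * @throws ServletException declared for callers; not thrown by the visible code
     */
    private final void gotoLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        clearUserPrincipal(httpServletRequest, httpServletResponse);
        String buildUrlWithTargetAndArtifact = SAMLUtils.buildUrlWithTargetAndArtifact(this.config.getGatewayList().getUsedGateway().getLoginURL(), SAMLUtils.getClearRequestUrl(httpServletRequest), (String) null);
        if (logger.isDebugEnabled()) {
            logger.debug("send redirect to : " + buildUrlWithTargetAndArtifact);
        }
        httpServletResponse.sendRedirect(buildUrlWithTargetAndArtifact);
    }

    /**
     * Removes the user-info attribute from the HTTP session when session scope is in use.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse unused
     */
    private final void clearUserPrincipal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!this.config.isUseSessionScope()) {
            return;
        }
        HttpSession session = httpServletRequest.getSession();
        if (session == null) {
            return;
        }
        session.removeAttribute(this.config.getJ2EEAgentSet().getUserInfoKeyName());
    }

    /**
     * Loads the agent configuration named by the filter init parameter and prepares the
     * collaborators used by {@link #doFilter}.
     *
     * <p>When the offline strategy is enabled a timer is started that runs
     * {@link GatewayTimerTask} every configured test period (seconds); otherwise the first
     * configured gateway is marked alive.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException if the config path is not set, the resource cannot be found,
     *                          or the configuration cannot be read or parsed
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        XMLConfiguration xMLConfiguration = XMLConfiguration.getInstance();
        String initParameter = filterConfig.getInitParameter(SPConst.KEY_SP_WEBCFG_AMCONFIG);
        if (initParameter == null) {
            throw new ServletException("Config file path not be set");
        }
        if (logger.isDebugEnabled()) {
            logger.debug("SPConfig path = " + initParameter);
        }
        ServletContext servletContext = filterConfig.getServletContext();
        logger.info("Start initializing AccessController");
        InputStream resourceAsStream = servletContext.getResourceAsStream(initParameter);
        if (resourceAsStream == null) {
            // getResourceAsStream returns null when the path does not resolve; fail with a
            // clear message instead of letting the parser trip over a null stream.
            throw new ServletException("Config file not found : " + initParameter);
        }
        try {
            try {
                // NOTE(review): the pool is created with null configurators, so DTD / external
                // entity handling is whatever DocumentBuilderPool defaults to. The file comes
                // from the web application itself, but confirm the parser is hardened if the
                // config location can ever be influenced from outside.
                xMLConfiguration.configure(DocumentBuilderPool.getInstance((DocumentBuilderFactoryConfigurator) null, (DocumentBuilderConfigurator) null).parse(resourceAsStream));
                this.config = xMLConfiguration;
                this.artifactProcessor = new ArtifactProcessor();
                this.principalSetter = PrincipalSetterFactory.build();
                if (isEnableOffline()) {
                    this.checker = new HttpServerStatusChecker(this.config.getAgentSet().getOffLine().getTestPeriod());
                    this.gatewayTimer = new Timer();
                    this.gatewayTimer.schedule(new GatewayTimerTask(), 0L, this.config.getAgentSet().getOffLine().getTestPeriod() * 1000);
                    logger.info("GateWay Thread ");
                } else {
                    // Result is discarded; kept because the constructor may have side effects — TODO confirm.
                    new GatewayList();
                    this.config.getGatewayList().get(0).setAlive(true);
                }
                logger.info("Initialize AccessController complete");
            } finally {
                // Close on every path, not only after a successful initialization.
                IoUtils.close(resourceAsStream);
            }
        } catch (AgentConfigException e) {
            logger.error("", e);
            throw new ServletException(e);
        } catch (JAXPException e2) {
            logger.error("", e2);
            throw new ServletException(e2);
        } catch (IOException e3) {
            logger.error("Read " + initParameter + " file error, please check web.xml config.", e3);
            throw new ServletException(e3);
        } catch (SAXException e4) {
            logger.error(" The XML parser error, please check " + initParameter + " config.", e4);
            throw new ServletException(e4);
        }
    }
}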
