package com.zving.zas.client;

import com.zving.zas.ClientConfig;
import com.zving.zas.Constant;
import com.zving.zas.UserData;
import com.zving.zas.Util;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.Provider;
import java.security.Security;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/zving/zas/client/ZASFilter.class */
public class ZASFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
        try {
            Security.addProvider((Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance());
        } catch (Exception e) {
            System.out.println("未能加载BouncyCastleProvider，请使用JDK自带的Provider。");
        }
        PGTUtil.initCert();
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpSession session = httpServletRequest.getSession();
        if (session != null && session.getAttribute(Constant.UserSessionAttrName) != null) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String decode = URLDecoder.decode(getReferer(httpServletRequest), "UTF-8");
        if (ClientConfig.isProxyEnable() && ClientConfig.getMode() == 3 && decode.startsWith(ClientConfig.getProxyCallbackURL())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (ClientConfig.getMode() == 4) {
            String parameter = httpServletRequest.getParameter("UserData");
            String parameter2 = httpServletRequest.getParameter("PT");
            if (parameter != null && !parameter.equals("")) {
                UserData authenticatedUserInTrustMode = getAuthenticatedUserInTrustMode(httpServletRequest);
                if (authenticatedUserInTrustMode == null) {
                    throw new ServletException("UserData未正确解密,请检查ServiceURL是否正确!");
                }
                if (session != null) {
                    session.setAttribute(Constant.UserSessionAttrName, authenticatedUserInTrustMode);
                }
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            if (parameter2 != null && !parameter2.equals("")) {
                UserData proxyedAuthenticatedUser = getProxyedAuthenticatedUser(httpServletRequest);
                if (proxyedAuthenticatedUser == null) {
                    throw new ServletException("ProxyTicket未通过ZAS验证,请检查ServiceURL是否正确!");
                }
                if (session != null) {
                    session.setAttribute(Constant.UserSessionAttrName, proxyedAuthenticatedUser);
                }
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            if (ClientConfig.getServerURL() == null) {
                throw new ServletException("未设置ZASServerURL!");
            }
            String stringBuffer = ClientConfig.isNeedNewLogin() ? new StringBuffer("&NeedNewLogin=").append(ClientConfig.isNeedNewLogin()).toString() : "";
            String encode = URLEncoder.encode(decode, "UTF-8");
            if (encode.indexOf("161.207.1.10") != -1) {
                httpServletResponse.sendRedirect(new StringBuffer("http://161.207.1.10/zas/Login.jsp?ServiceID=").append(ClientConfig.getServiceID()).append("&Referer=").append(encode).append(stringBuffer).toString());
                return;
            } else {
                httpServletResponse.sendRedirect(new StringBuffer(String.valueOf(ClientConfig.getServerURL())).append(Constant.LoginPage).append("?ServiceID=").append(ClientConfig.getServiceID()).append("&Referer=").append(encode).append(stringBuffer).toString());
                return;
            }
        }
        String parameter3 = httpServletRequest.getParameter("ST");
        String parameter4 = httpServletRequest.getParameter("PT");
        if (parameter3 != null && !parameter3.equals("")) {
            UserData authenticatedUserInCommonMode = getAuthenticatedUserInCommonMode(parameter3);
            if (authenticatedUserInCommonMode == null) {
                throw new ServletException("ServiceTicket未通过ZAS验证,请检查ServiceURL是否正确!");
            }
            if (session != null) {
                session.setAttribute(Constant.UserSessionAttrName, authenticatedUserInCommonMode);
                if (ClientConfig.isProxyEnable()) {
                    session.setAttribute("_PGT", PGTUtil.getPGT(authenticatedUserInCommonMode.getUserName()));
                    PGTUtil.removePGT(authenticatedUserInCommonMode.getUserName());
                }
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (parameter4 == null || parameter4.equals("")) {
            if (ClientConfig.getServerURL() == null) {
                throw new ServletException("未设置ZASServerURL!");
            }
            httpServletResponse.sendRedirect(new StringBuffer(String.valueOf(ClientConfig.getServerURL())).append(Constant.LoginPage).append("?ServiceID=").append(ClientConfig.getServiceID()).append("&Referer=").append(decode).append(ClientConfig.isNeedNewLogin() ? new StringBuffer("&NeedNewLogin=").append(ClientConfig.isNeedNewLogin()).toString() : "").toString());
            return;
        }
        UserData proxyedAuthenticatedUser2 = getProxyedAuthenticatedUser(httpServletRequest);
        if (proxyedAuthenticatedUser2 == null) {
            throw new ServletException("ProxyTicket未通过ZAS验证,请检查ServiceURL是否正确!");
        }
        if (session != null) {
            session.setAttribute(Constant.UserSessionAttrName, proxyedAuthenticatedUser2);
            if (ClientConfig.isProxyEnable()) {
                session.setAttribute("_PGT", PGTUtil.getPGT(proxyedAuthenticatedUser2.getUserName()));
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    public void destroy() {
    }

    private UserData getAuthenticatedUserInCommonMode(String str) throws ServletException, IOException {
        ServiceTicketValidator serviceTicketValidator = new ServiceTicketValidator();
        serviceTicketValidator.setTicket(str);
        serviceTicketValidator.validate();
        return serviceTicketValidator.getUser();
    }

    private UserData getAuthenticatedUserInTrustMode(HttpServletRequest httpServletRequest) throws ServletException, IOException {
        ServiceTicketValidator serviceTicketValidator = new ServiceTicketValidator();
        serviceTicketValidator.response = new String(Util.base64Decode(httpServletRequest.getParameter("UserData")), "UTF-8");
        serviceTicketValidator.parseResponse();
        if (ClientConfig.isProxyEnable()) {
            httpServletRequest.getSession().setAttribute("_PGT", serviceTicketValidator.getProxyGrantingTicket());
            PGTUtil.add(serviceTicketValidator.getUser().getUserName(), serviceTicketValidator.getProxyGrantingTicket());
        }
        return serviceTicketValidator.getUser();
    }

    private UserData getProxyedAuthenticatedUser(HttpServletRequest httpServletRequest) throws ServletException, IOException {
        ProxyTicketValidator proxyTicketValidator = new ProxyTicketValidator();
        proxyTicketValidator.setTicket(httpServletRequest.getParameter("PT"));
        proxyTicketValidator.setProxyServiceID(httpServletRequest.getParameter(Constant.Service));
        String parameter = httpServletRequest.getParameter(Constant.UserNameVar);
        if (parameter != null && ClientConfig.isProxyEnable() && !PGTUtil.existPGT(parameter)) {
            proxyTicketValidator.setNeedPGT(true);
        }
        proxyTicketValidator.validate();
        if (ClientConfig.isProxyEnable() && proxyTicketValidator.getProxyGrantingTicket() != null) {
            httpServletRequest.getSession().setAttribute("_PGT", proxyTicketValidator.getProxyGrantingTicket());
            PGTUtil.add(proxyTicketValidator.getUser().getUserName(), proxyTicketValidator.getProxyGrantingTicket());
        }
        return proxyTicketValidator.getUser();
    }

    public static String getReferer(HttpServletRequest httpServletRequest) throws ServletException {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(httpServletRequest.getScheme());
        stringBuffer.append("://");
        stringBuffer.append(httpServletRequest.getServerName());
        if (httpServletRequest.getServerPort() != 80 && httpServletRequest.getScheme().equals("http")) {
            stringBuffer.append(":");
            stringBuffer.append(httpServletRequest.getServerPort());
        }
        if (httpServletRequest.getServerPort() != 443 && httpServletRequest.getScheme().equals("https")) {
            stringBuffer.append(":");
            stringBuffer.append(httpServletRequest.getServerPort());
        }
        stringBuffer.append(httpServletRequest.getRequestURI());
        if (httpServletRequest.getQueryString() != null) {
            stringBuffer.append("?");
            stringBuffer.append(httpServletRequest.getQueryString());
        }
        try {
            return URLEncoder.encode(stringBuffer.toString(), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
            throw new ServletException("未能正确得到ServiceURL!");
        }
    }
}
