package nccloud.ws.opm.core.filter;

import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nc.bs.framework.common.RuntimeEnv;
import nc.bs.logging.Logger;
import nc.ws.opm.oauth.pojo.UserLoginVO;
import nc.ws.opm.oauth.service.OAuth2Service;
import nc.ws.opm.oauth.service.impl.OAuth2ServiceImpl;
import nc.ws.opm.pub.cache.OAuthCache;
import nc.ws.opm.pub.exception.BizException;
import nc.ws.opm.pub.utils.OPMConfig;
import nc.ws.opm.pub.utils.http.BodyHttpServletRequestWrapper;
import nc.ws.opm.pub.utils.http.BodyHttpServletResponseWrapper;
import nc.ws.opm.pub.utils.http.BodyHttpServletResponseWrapper4t;
import nc.ws.opm.pub.utils.result.ResultMessage;
import nc.ws.opm.pub.utils.security.compress.CompressUtil;
import nc.ws.opm.thirdapp.service.IThirdAppService;
import nc.ws.opm.thirdapp.service.impl.ThirdAppServiceImpl;
import org.apache.commons.lang3.StringUtils;
import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.owasp.esapi.ESAPI;

/* loaded from: input_file:nccloud/ws/opm/core/filter/OpenCloudOAuthFilter.class */
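public class OpenCloudOAuthFilter implements Filter {
    private static final String CLIENT_ID = "client_id";
    private static final String RESPONSE_TYPE = "response_type";
    private static final String REDIRECT_URI = "redirect_uri";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String STATE = "state";
    private static final String CODE = "code";
    /** rslCode of a successful login: the authorization redirect ("index") is attached to the reply. */
    private static final String RSLCODE0 = "0";
    /** rslCode of a login result that is passed through to the client without an "index" entry. */
    private static final String RSLCODE5 = "5";
    private final JsonParser jsonParser = new JsonParser();
    private final OAuth2Service oAuth2Service = new OAuth2ServiceImpl();
    private final IThirdAppService thirdAppService = new ThirdAppServiceImpl();

    /**
     * Turns a login request that arrives from an OAuth authorization page into an authorization
     * response.
     *
     * <p>The OAuth parameters (client_id, response_type, redirect_uri, state) are read from the query
     * string of the {@code Referer} header and copied onto a request wrapper as form parameters. When a
     * client_id is present the downstream login result is captured, and if its {@code data.rslCode} is
     * {@value #RSLCODE0} the redirect_uri/state binding is validated and the authorization redirect is
     * added as {@code data.index}; for {@value #RSLCODE5} the result is written back unchanged. Any
     * other request (no Referer, no query string, no client_id) is passed down the chain untouched.
     *
     * <p>Note that the Referer header is client-supplied; it is only trusted here because every
     * client_id is looked up via {@link IThirdAppService} and the redirect_uri is checked against the
     * state-bound value cached in {@link OAuthCache} before a code is issued.
     *
     * @param servletRequest  the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     the remainder of the filter chain
     * @throws IOException      if writing the response fails outside the guarded section
     * @throws ServletException if the downstream chain fails outside the guarded section
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // Wrappers are created up front as in the original; the request wrapper is what the
        // OAuth parameters are written to, the response wrapper captures the downstream body.
        BodyHttpServletRequestWrapper requestWrapper = new BodyHttpServletRequestWrapper(httpServletRequest);
        BodyHttpServletResponseWrapper4t responseWrapper = (RuntimeEnv.isRunningInWebSphere() || RuntimeEnv.isRunningInWeblogic())
                ? new BodyHttpServletResponseWrapper(httpServletResponse)
                : new BodyHttpServletResponseWrapper4t(httpServletResponse);
        try {
            // A missing Referer used to surface as a NullPointerException and an error reply;
            // it simply means this is not an OAuth round trip, so pass the request through.
            String referer = httpServletRequest.getHeader("Referer");
            String[] refererParts = referer == null ? new String[0] : referer.split("\\?");
            if (refererParts.length < 2) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }

            String clientId = null;
            String responseType = null;
            String redirectUri = null;
            String state = null;
            for (String token : refererParts[1].split("&")) {
                // Match "name=" rather than the bare name so that a token equal to the name
                // (no '=') cannot run substring() past the end, and "statex=" does not match "state".
                if (token.startsWith(CLIENT_ID + "=")) {
                    clientId = token.substring(CLIENT_ID.length() + 1);
                } else if (token.startsWith(RESPONSE_TYPE + "=")) {
                    responseType = token.substring(RESPONSE_TYPE.length() + 1);
                } else if (token.startsWith(REDIRECT_URI + "=")) {
                    redirectUri = token.substring(REDIRECT_URI.length() + 1);
                } else if (token.startsWith(STATE + "=")) {
                    state = token.substring(STATE.length() + 1);
                }
            }
            // NOTE(review): values are copied raw, without URL decoding, as in the original — confirm
            // whether redirect_uri is expected to be percent-encoded at this point.
            if (StringUtils.isEmpty(clientId)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }

            requestWrapper.setParameter(CLIENT_ID, clientId);
            requestWrapper.setParameter(RESPONSE_TYPE, responseType);
            requestWrapper.setParameter(REDIRECT_URI, redirectUri);
            requestWrapper.setParameter(STATE, state);
            requestWrapper.setHeader(CONTENT_TYPE, "application/x-www-form-urlencoded");
            OAuthAuthzRequest oAuthAuthzRequest = new OAuthAuthzRequest(requestWrapper);
            // Unknown client_id: refuse before the login request reaches the downstream handler.
            if (this.thirdAppService.getThirdAppInfoByAppId(clientId) == null) {
                throw new BizException("", "应用未授权");
            }

            filterChain.doFilter(requestWrapper, responseWrapper);
            JsonElement body = this.jsonParser.parse(responseWrapper.getBody().trim());
            if (Boolean.parseBoolean(OPMConfig.getValue("isGzip"))) {
                // In gzip mode the downstream body is a JSON string holding the compressed payload.
                // getAsString() is only valid on a primitive, so it must not be called on the plain
                // JSON object returned in non-gzip mode (that was an UnsupportedOperationException).
                body = this.jsonParser.parse(CompressUtil.gzipDecompress(body.getAsString()));
            }
            if (!body.isJsonObject()) {
                return;
            }
            JsonElement data = body.getAsJsonObject().get("data");
            if (data == null || !data.isJsonObject()) {
                return;
            }
            JsonObject dataObject = data.getAsJsonObject();
            JsonElement rslCodeElement = dataObject.get("rslCode");
            String rslCode = rslCodeElement == null ? null : rslCodeElement.getAsString();
            if (!RSLCODE0.equals(rslCode) && !RSLCODE5.equals(rslCode)) {
                // NOTE(review): as in the original, nothing is written back here although the
                // downstream body was captured by the wrapper — confirm this is intended.
                return;
            }

            boolean loginSucceeded = RSLCODE0.equals(rslCode);
            // Validate response_type and the state-bound redirect_uri BEFORE an authorization code is
            // minted for that redirect_uri; the original minted the code first.
            if (loginSucceeded) {
                checkParameter(oAuthAuthzRequest);
            }
            // NOTE(review): the original also created a code for rslCode "5" and discarded the URI;
            // that call is kept for parity — confirm whether createCode's side effects matter there.
            String indexUri = buildAuthorizationRedirect(httpServletRequest, clientId, redirectUri);
            if (loginSucceeded) {
                dataObject.addProperty("index", indexUri);
            }
            httpServletResponse.getWriter().write(body.toString());
        } catch (Exception e) {
            Logger.error(e.getMessage(), e);
            // NOTE(review): the raw exception message is echoed to the client; keep messages free of
            // internal detail (the BizException messages above are user-facing by design).
            httpServletResponse.getWriter().write(ResultMessage.exceptionToJSON(new BizException("", e.getMessage())));
        }
    }

    /**
     * Issues an authorization code for {@code clientId}/{@code redirectUri} and builds the 302 location
     * the browser should be sent to, with the query part encoded via ESAPI.
     *
     * @param request     the original request, passed to the Oltu response builder
     * @param clientId    the validated client_id
     * @param redirectUri the redirect target the code is bound to
     * @return the trimmed redirect location
     * @throws Exception if the code cannot be created or the Oltu message cannot be built
     */
    private String buildAuthorizationRedirect(HttpServletRequest request, String clientId, String redirectUri) throws Exception {
        String location = OAuthASResponse.authorizationResponse(request, 302)
                .setCode(this.oAuth2Service.createCode(new UserLoginVO(), redirectUri, clientId))
                .location(redirectUri)
                .buildQueryMessage()
                .getLocationUri()
                .trim();
        String[] locationParts = location.split("\\?");
        if (locationParts.length > 1) {
            // NOTE(review): encodeForURL is applied to the whole query string, so '=' and '&' are
            // encoded too; kept as in the original — confirm the consumer of "index" expects that.
            location = locationParts[0] + "?" + ESAPI.encoder().encodeForURL(locationParts[1]);
        }
        return location;
    }

    /**
     * Validates the authorization request before a code is issued.
     *
     * <p>Only the authorization-code grant is supported, redirect_uri and state must be present, and
     * redirect_uri must equal the value that was cached under this state when the flow started. The
     * cached entry is consumed on success so a state value cannot be replayed.
     *
     * @param oAuthAuthzRequest the parsed authorization request
     * @throws Exception {@link BizException} when any check fails
     */
    private void checkParameter(OAuthAuthzRequest oAuthAuthzRequest) throws Exception {
        String responseType = oAuthAuthzRequest.getResponseType();
        String redirectURI = oAuthAuthzRequest.getRedirectURI();
        String state = oAuthAuthzRequest.getState();
        if (!CODE.equals(responseType)) {
            throw new BizException("", "response_type只支持code，授权码模式");
        }
        if (StringUtils.isEmpty(redirectURI)) {
            throw new BizException("", "重定向地址不能为空");
        }
        if (StringUtils.isBlank(state)) {
            throw new BizException("", "非法请求");
        }
        String expectedRedirectUri = OAuthCache.get_redirect_uri(state);
        if (expectedRedirectUri == null || !expectedRedirectUri.equals(redirectURI)) {
            throw new BizException("", "redirect_uri被篡改");
        }
        OAuthCache.remove_redirect_uri(state);
    }

    /** No initialization is required; all collaborators are created as fields. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    public void destroy() {
    }
}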
