package org.yx.http.user;

import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.Charset;
import javax.servlet.ServletConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.yx.base.context.ActionContext;
import org.yx.base.sumk.UnsafeByteArrayOutputStream;
import org.yx.common.util.S;
import org.yx.conf.AppInfo;
import org.yx.exception.BizException;
import org.yx.http.HttpErrorCode;
import org.yx.http.HttpHeaderName;
import org.yx.http.kit.HttpSettings;
import org.yx.http.kit.InnerHttpUtil;
import org.yx.http.log.HttpLogs;
import org.yx.log.Logs;
import org.yx.util.StringUtil;
import org.yx.util.UUIDSeed;

/* loaded from: input_file:org/yx/http/user/AbstractLoginServlet.class */
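/**
 * Base class for the login endpoint: authenticates the caller through
 * {@link #login(String, String, HttpServletRequest)}, stores the resulting session,
 * and returns the session id and the per-session key to the client.
 *
 * <p>Every step that touches the response (cookies, key output, session id creation)
 * is a {@code protected} hook, so a deployment can tighten it by overriding.
 *
 * <p>This listing is decompiled output; {@link #service} has been folded back into a
 * single try/catch/finally, which removes the duplicated epilogues and the
 * uncompilable {@code BizException} assignment the decompiler produced.
 */
public abstract class AbstractLoginServlet implements LoginServlet {
    private static final String LOGIN_NAME = "*login*";
    // Request attribute that, when it holds a String after login(), replaces the generated
    // session id. Presumably set by the login() implementation - confirm against callers.
    private static final String NEW_SESSION_ID = "sumk.http.session.id";
    private UserSession session;

    /**
     * Handles one login request and always records timing/outcome and clears the
     * {@link ActionContext}, whichever way the request ends.
     *
     * @param httpServletRequest  the login request
     * @param httpServletResponse the response that receives the session id, key and body
     */
    @Override
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final long startMillis = System.currentTimeMillis();
        final Charset charset = InnerHttpUtil.charset(httpServletRequest);
        Throwable failure = null;
        // Declared outside the try so the error log can name the account being attempted.
        String userName = null;
        try {
            InnerHttpUtil.startContext(httpServletRequest, httpServletResponse, LOGIN_NAME);
            if (!acceptMethod(httpServletRequest, httpServletResponse)) {
                // Log text: "not a valid method for login; e.g. HEAD may not be supported".
                Logs.http().warn("不是login的有效method，比如HEAD等方法可能不支持");
                return;
            }
            InnerHttpUtil.setRespHeader(httpServletResponse, charset);
            String sessionId = createSessionId(httpServletRequest);
            userName = getUserName(httpServletRequest);
            LoginObject login = login(sessionId, userName, httpServletRequest);
            if (login == null) {
                // NOTE(review): userName is a raw request parameter echoed into the error body;
                // confirm InnerHttpUtil.sendError encodes it for the response content type.
                InnerHttpUtil.sendError(httpServletResponse, HttpErrorCode.LOGINFAILED, userName + " : login failed", charset);
                return;
            }
            if (login.getErrorMsg() != null) {
                // The message is whatever the login() implementation chose to expose to the client.
                InnerHttpUtil.sendError(httpServletResponse, HttpErrorCode.LOGINFAILED, login.getErrorMsg(), charset);
                return;
            }
            if (login.getSessionObject() == null || StringUtil.isEmpty(login.getSessionObject().getUserId())) {
                // Log text: "session object not set correctly, or its userId is empty".
                Logs.http().warn("{} :sid:{} 未正确设置session对象，或者session对象中的userId为空", userName, sessionId);
                InnerHttpUtil.sendError(httpServletResponse, HttpErrorCode.LOGINFAILED, "login fail", charset);
                return;
            }
            Object replacementSessionId = httpServletRequest.getAttribute(NEW_SESSION_ID);
            if (replacementSessionId instanceof String) {
                Logs.http().debug("change sid {} to {}", sessionId, replacementSessionId);
                sessionId = (String) replacementSessionId;
            }
            byte[] encryptKey = createEncryptKey(httpServletRequest);
            if (!setSession(httpServletRequest, sessionId, login, encryptKey)) {
                Logs.http().warn("{} :sid:{} login failed,maybe sessionId existed.", userName, sessionId);
                // NOTE(review): same reflected-userName concern as the login == null branch above.
                InnerHttpUtil.sendError(httpServletResponse, HttpErrorCode.LOGINFAILED, userName + " : login failed.", charset);
                return;
            }
            String userId = login.getSessionObject().getUserId();
            // The session id is returned in a response header as well as (optionally) a cookie.
            httpServletResponse.setHeader(HttpHeaderName.sessionId(), sessionId);
            if (StringUtil.isNotEmpty(userId)) {
                httpServletResponse.setHeader(HttpHeaderName.userFlag(), userId);
            }
            if (HttpSettings.isCookieEnable()) {
                String contextPath = httpServletRequest.getContextPath();
                // Guarantees a leading slash, so an empty context path becomes "/".
                if (!contextPath.startsWith("/")) {
                    contextPath = "/" + contextPath;
                }
                String cookieAttributes = ";Path=".concat(contextPath);
                setSessionCookie(httpServletRequest, httpServletResponse, sessionId, cookieAttributes);
                setUserFlagCookie(httpServletRequest, httpServletResponse, userId, cookieAttributes);
            }
            UnsafeByteArrayOutputStream body = new UnsafeByteArrayOutputStream(64);
            outputKey(body, encryptKey, httpServletRequest, httpServletResponse);
            if (login.getResponseData() != null) {
                body.write(login.getResponseData().getBytes(charset));
            }
            httpServletResponse.getOutputStream().write(body.toByteArray());
        } catch (Throwable th) {
            failure = th;
            // NOTE(review): userName is request-controlled; confirm the log layout neutralises
            // CR/LF so a crafted name cannot forge log entries.
            Logs.http().error("user:" + userName + ",message:" + th.getLocalizedMessage(), th);
            if (th instanceof BizException) {
                BizException bizException = (BizException) th;
                InnerHttpUtil.sendError(httpServletResponse, bizException.getCode(), bizException.getMessage(), charset);
            } else {
                // Generic text only: exception detail stays in the server log, not the response.
                InnerHttpUtil.sendError(httpServletResponse, HttpErrorCode.LOGINFAILED, "login fail", charset);
            }
        } finally {
            // Runs on every exit path, including the early returns above.
            long elapsedMillis = System.currentTimeMillis() - startMillis;
            HttpLogs.log(null, httpServletRequest, failure, elapsedMillis);
            InnerHttpUtil.record(LOGIN_NAME, elapsedMillis, failure == null);
            ActionContext.remove();
        }
    }

    /**
     * Stores the session for {@code sessionId}.
     *
     * <p>When the {@code NEW_SESSION_ID} request attribute holds a String, nothing is stored
     * here and {@code true} is returned; this presumably relies on whoever set the attribute
     * having created the session already - verify in implementations that use it.
     *
     * @return {@code true} if the session was stored (or storage was skipped as described)
     */
    protected boolean setSession(HttpServletRequest httpServletRequest, String sessionId, LoginObject loginObject, byte[] encryptKey) {
        if (httpServletRequest.getAttribute(NEW_SESSION_ID) instanceof String) {
            return true;
        }
        return this.session.setSession(sessionId, loginObject.getSessionObject(), encryptKey, HttpSettings.isSingleLogin());
    }

    /**
     * Checks the request method against {@code HttpSettings.defaultHttpMethods()} and
     * answers 405 when it is not listed.
     *
     * @return {@code true} if the method is allowed; {@code false} after the 405 was sent
     * @throws IOException if sending the error fails
     */
    protected boolean acceptMethod(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (HttpSettings.defaultHttpMethods().contains(httpServletRequest.getMethod())) {
            return true;
        }
        httpServletResponse.sendError(405, httpServletRequest.getMethod() + " not allowd");
        return false;
    }

    /**
     * Reads the user name from the request parameter named by
     * {@code sumk.http.login.username} (default {@code username}).
     *
     * @return the raw, unvalidated parameter value, or {@code null} if absent
     */
    protected String getUserName(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(AppInfo.get("sumk.http.login.username", "username"));
    }

    /**
     * Emits the session cookie as a hand-built {@code Set-Cookie} header.
     *
     * <p>NOTE(review): the only attribute appended is the {@code ;Path=...} suffix built in
     * {@link #service}; no {@code HttpOnly}, {@code Secure} or {@code SameSite} is set here.
     * Override this hook to append them where the clients allow it.
     *
     * @param sessionId        the cookie value
     * @param cookieAttributes attribute suffix appended verbatim after the value
     */
    protected void setSessionCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String sessionId, String cookieAttributes) {
        httpServletResponse.addHeader("Set-Cookie", new StringBuilder(64).append(HttpHeaderName.sessionId()).append('=').append(sessionId).append(cookieAttributes).toString());
    }

    /**
     * Emits the user-flag cookie, but only in single-login mode and for a non-empty user id.
     *
     * <p>NOTE(review): {@code userId} comes from the login() implementation and is written
     * into the header unencoded; confirm it cannot contain {@code ;}, CR or LF. The same
     * missing-attribute caveat as {@link #setSessionCookie} applies.
     *
     * @param userId           the cookie value
     * @param cookieAttributes attribute suffix appended verbatim after the value
     */
    protected void setUserFlagCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String userId, String cookieAttributes) {
        if (HttpSettings.isSingleLogin() && StringUtil.isNotEmpty(userId)) {
            StringBuilder sb = new StringBuilder();
            sb.append(HttpHeaderName.userFlag()).append('=').append(userId).append(cookieAttributes);
            httpServletResponse.addHeader("Set-Cookie", sb.toString());
        }
    }

    /**
     * Hands the per-session key to the client, Base64-encoded: in the body when
     * {@code sumk.http.key.output.body} is true (default false), and in the header named by
     * {@code sumk.http.header.skey} when {@code sumk.http.key.output.header} is true (default true).
     *
     * <p>The key travels in the login response itself, so it is only as confidential as the
     * transport carrying that response.
     *
     * @throws IOException if writing to {@code outputStream} fails
     */
    protected void outputKey(OutputStream outputStream, byte[] encryptKey, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (AppInfo.getBoolean("sumk.http.key.output.body", false)) {
            outputStream.write(S.base64().encode(encryptKey));
            // Tab + line feed separate the key from the response data that follows.
            outputStream.write(new byte[]{9, 10});
        }
        if (AppInfo.getBoolean("sumk.http.key.output.header", true)) {
            httpServletResponse.setHeader(AppInfo.get("sumk.http.header.skey", "skey"), S.base64().encodeToString(encryptKey));
        }
    }

    /**
     * Creates the key stored with the session and returned by {@link #outputKey}.
     *
     * <p>NOTE(review): the key is derived from {@code UUIDSeed.seq()}, whose generator is not
     * visible here. Confirm it is unpredictable; if it is sequence- or time-based, override
     * this hook with a {@code java.security.SecureRandom}-backed key of the length the
     * session layer expects. {@code getBytes()} also uses the platform default charset.
     */
    protected byte[] createEncryptKey(HttpServletRequest httpServletRequest) {
        return UUIDSeed.seq().substring(4).getBytes();
    }

    /**
     * Creates the id for the new session; a fresh value is generated per login request
     * rather than taken from the request.
     *
     * <p>NOTE(review): session ids must be unguessable; confirm {@code UUIDSeed.random()}
     * draws from a cryptographically strong source.
     */
    protected String createSessionId(HttpServletRequest httpServletRequest) {
        return UUIDSeed.random();
    }

    /** Loads the session store used by {@link #setSession}. */
    @Override
    public void init(ServletConfig servletConfig) {
        this.session = WebSessions.loadUserSession();
    }

    /** @return the session store loaded in {@link #init}, or {@code null} before it ran */
    protected UserSession userSession() {
        return this.session;
    }

    /**
     * Authenticates the caller.
     *
     * @param sessionId          the session id generated for this attempt
     * @param userName           the raw user name from {@link #getUserName}; may be {@code null}
     * @param httpServletRequest the login request
     * @return {@code null} or an object with an error message on failure; otherwise an object
     *         whose session object carries a non-empty user id
     * @throws Exception on failure; a {@code BizException} has its code and message sent to the client
     */
    protected abstract LoginObject login(String sessionId, String userName, HttpServletRequest httpServletRequest) throws Exception;
}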
