package com.flyfish.oauth.filter;

import com.flyfish.oauth.client.DefaultOAuth2SsoClient;
import com.flyfish.oauth.client.RestClient;
import com.flyfish.oauth.common.OAuth2GrantType;
import com.flyfish.oauth.configuration.OAuth2SsoProperties;
import com.flyfish.oauth.configuration.SSOSessionConverter;
import com.flyfish.oauth.domain.OAuthSSOToken;
import com.flyfish.oauth.domain.raw.SSOUserInfo;
import com.flyfish.oauth.utils.OAuth2Utils;
import com.flyfish.oauth.utils.OAuthRequestParser;
import com.flyfish.oauth.utils.UserConvertUtils;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Iterator;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.Velocity;

@WebFilter(filterName = "authentication-filter", urlPatterns = {OAuth2SsoProperties.DEFAULT_REDIRECT_URI})
/* loaded from: input_file:com/flyfish/oauth/filter/SSORedirectFilter.class */
public class SSORedirectFilter extends ClientAwareFilter {
    @Override // com.flyfish.oauth.filter.ClientAwareFilter
    public void init(FilterConfig filterConfig) {
        super.init(filterConfig);
        Velocity.setProperty("resource.loader", "class");
        Velocity.setProperty("class.resource.loader.class", "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
        Velocity.setProperty("input.encoding", "UTF-8");
        Velocity.init();
    }

    @Override // com.flyfish.oauth.filter.ClientAwareFilter
    public void destroy() {
        super.destroy();
        RestClient.destroy();
    }

    private void initClient() {
        this.client = new DefaultOAuth2SsoClient();
        OAuth2SsoProperties oAuth2SsoProperties = new OAuth2SsoProperties();
        oAuth2SsoProperties.setClientId("test");
        oAuth2SsoProperties.setClientSecret("123456");
        oAuth2SsoProperties.setLocalUrl("http://localhost:8099/test");
        oAuth2SsoProperties.setServerUrl("http://localhost:8000");
        oAuth2SsoProperties.setUserInfoUri("/api/login/users/credentials");
        this.client.setProperties(oAuth2SsoProperties);
        this.client.init();
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setCharacterEncoding("UTF-8");
        OAuthRequestParser parse = OAuthRequestParser.parse(httpServletRequest);
        String stringParam = parse.getStringParam(OAuth2Utils.CODE);
        if (StringUtils.isNotBlank(stringParam) && StringUtils.isNotBlank(parse.getStringParam(OAuth2Utils.STATE))) {
            OAuthSSOToken accessToken = this.authenticationEntryPoint.getAccessToken(stringParam, OAuth2GrantType.AUTHORIZATION_CODE, parse.getStringParam("redirect"));
            if (null == accessToken) {
                httpServletResponse.setStatus(500);
                return;
            }
            if (StringUtils.isBlank(accessToken.getAccessToken())) {
                this.authenticationEntryPoint.logout(httpServletRequest);
                httpServletResponse.sendRedirect(this.authenticationEntryPoint.redirectUrl(parse));
                return;
            }
            SSOUserInfo userInfo = this.authenticationEntryPoint.getUserInfo(accessToken.getAccessToken());
            httpServletRequest.setAttribute("user", userInfo);
            if (this.client.getSessionConverter().convert(httpServletRequest.getSession(), UserConvertUtils.convert(this.client.getUserService(), userInfo))) {
                Iterator<Cookie> it = accessToken.toCookies().iterator();
                while (it.hasNext()) {
                    httpServletResponse.addCookie(it.next());
                }
                render(httpServletRequest, httpServletResponse, getRedirect(httpServletRequest, this.client.getSessionConverter()), null);
                return;
            }
            render(httpServletRequest, httpServletResponse, this.client.getProperties().getServerUrl(), "登录认证出现异常，本地登录态转换不成功。请重试。");
        }
        httpServletResponse.setStatus(403);
    }

    private <T> String getRedirect(HttpServletRequest httpServletRequest, SSOSessionConverter<T> sSOSessionConverter) {
        String expectRedirectUri = sSOSessionConverter.expectRedirectUri(httpServletRequest);
        return StringUtils.isNotBlank(expectRedirectUri) ? expectRedirectUri : httpServletRequest.getParameter("redirect");
    }

    private void render(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws IOException {
        SSOUserInfo sSOUserInfo = (SSOUserInfo) httpServletRequest.getAttribute("user");
        httpServletResponse.setContentType("text/html;charset=UTF-8");
        PrintWriter writer = httpServletResponse.getWriter();
        VelocityContext velocityContext = new VelocityContext();
        velocityContext.put("user", sSOUserInfo);
        velocityContext.put("redirect", str);
        velocityContext.put("error", str2);
        String str3 = (String) httpServletRequest.getSession().getAttribute("token");
        if (StringUtils.isNotBlank(str3)) {
            velocityContext.put("token", str3);
        }
        try {
            Template template = Velocity.getTemplate("templates/authenticate.vm");
            template.setEncoding("UTF-8");
            template.merge(velocityContext, writer);
        } catch (Exception e) {
            e.printStackTrace();
            writer.write("ERROR");
        }
    }
}
