package y9.cas.jwt;

import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.jose4j.base64url.Base64;
import org.jose4j.json.JsonUtil;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.keys.AesKey;

/* loaded from: input_file:y9/cas/jwt/CheckJwtUserLoginFilter.class */
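/**
 * Servlet filter that gates requests behind an SSO login.
 *
 * <p>Per request it does one of the following:
 * <ul>
 *   <li>a non-blank {@code logoutRequest} parameter invalidates the current session and
 *       redirects to the SSO login page;</li>
 *   <li>a non-blank {@code ticket} parameter is treated as a signed-then-encrypted token
 *       (JWS wrapping a JWE); when it verifies and decrypts, its claims are copied into a
 *       {@code UserInfo} stored in the session and the browser is redirected back to the
 *       URL remembered before the login round trip;</li>
 *   <li>otherwise the request passes down the chain only when the session already holds a
 *       {@code UserInfo}; if not, the browser is redirected to the SSO login page.</li>
 * </ul>
 *
 * <p>Configuration is kept in static fields written by {@link #init(FilterConfig)}, so
 * every instance of this filter in the same class loader shares the last configuration
 * that was loaded.
 *
 * <p>NOTE(review): the only checks visible here are the JWS signature and a successful JWE
 * decryption. No expiry, audience or single-use check on the ticket appears in this class,
 * and no permitted-algorithm list is set on either jose4j object - confirm whether those
 * are enforced elsewhere.
 *
 * <p>NOTE(review): the session id is not rotated when a ticket is accepted. Confirm the
 * container does this, or change the session id after a successful login so that a session
 * id known before authentication is not carried into the authenticated session.
 *
 * <p>NOTE(review): {@code UserInfolHolder} is populated only when a ticket is consumed and
 * cleared only on logout. If it is backed by a thread-local, confirm it is set and cleared
 * per request elsewhere.
 */
public class CheckJwtUserLoginFilter implements Filter {
    private static final String TICKET_PARAM = "ticket";
    private static final String LOGOUT_PARAM = "logoutRequest";
    private static final String USER_SESSION_NAME = "userInfo";
    private static final String REDIRECT_URI_ATTR = "redirectUri";

    // Written by init(); shared by every instance of this filter.
    private static Key SIGN_KEY;
    // Built from the UTF-8 bytes of the configured string. Not read in this class:
    // assembleUser() derives its own key from decryptionKey via a JWK instead.
    private static Key DECRYPTION_KEY;
    private static String SERVER_NAME;
    private static String SSO_SERVER_URL;
    private static String SSO_SERVER_LOGIN_URL;

    // Raw "decryptionKey" init parameter, used as the "k" member of an "oct" JWK.
    private String decryptionKey;

    @Override
    public void destroy() {
    }

    /**
     * Loads the filter configuration.
     *
     * @param filterConfig source of the {@code serverName}, {@code ssoServerUrl},
     *     {@code signKey} and {@code decryptionKey} init parameters
     * @throws ServletException if any of those parameters is missing
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        SERVER_NAME = requireInitParameter(filterConfig, "serverName");
        SSO_SERVER_URL = requireInitParameter(filterConfig, "ssoServerUrl");
        SSO_SERVER_LOGIN_URL = SSO_SERVER_URL + "/login";
        SIGN_KEY = new AesKey(requireInitParameter(filterConfig, "signKey").getBytes(StandardCharsets.UTF_8));
        this.decryptionKey = requireInitParameter(filterConfig, "decryptionKey");
        DECRYPTION_KEY = new AesKey(this.decryptionKey.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns a mandatory init parameter, failing with a message that names the parameter
     * (never its value) instead of a bare NullPointerException later on.
     */
    private static String requireInitParameter(FilterConfig filterConfig, String name) throws ServletException {
        String value = filterConfig.getInitParameter(name);
        if (value == null) {
            throw new ServletException("Missing filter init parameter: " + name);
        }
        return value;
    }

    /**
     * Applies the logout / ticket / session checks described on the class.
     *
     * @throws ServletException if handling a logout request fails
     * @throws IOException if a redirect cannot be sent
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession();
        String ticket = servletRequest.getParameter(TICKET_PARAM);
        String logoutRequest = servletRequest.getParameter(LOGOUT_PARAM);

        if (logoutRequest != null) {
            try {
                if (!logoutRequest.trim().isEmpty()) {
                    // The parameter's content is not inspected: any non-blank value ends
                    // the session attached to this request.
                    servletRequest.removeAttribute(USER_SESSION_NAME);
                    servletRequest.removeAttribute("loginName");
                    session.invalidate();
                    UserInfolHolder.clear();
                    auth(request, response);
                    return;
                }
            } catch (Exception e) {
                e.printStackTrace();
                // Keep the cause so the failure can be diagnosed from the servlet log.
                throw new ServletException("Invalid token.", e);
            }
        }

        UserInfo userInfo = (UserInfo) session.getAttribute(USER_SESSION_NAME);
        if (ticket != null && !ticket.trim().isEmpty()) {
            // A ticket that fails validation yields null here, which sends the browser
            // back to the SSO login page below.
            userInfo = assembleUser(session, ticket);
            if (userInfo != null) {
                String redirectUri = (String) session.getAttribute(REDIRECT_URI_ATTR);
                if (redirectUri != null) {
                    response.sendRedirect(redirectUri);
                    // The response is committed by the redirect; running the rest of the
                    // chain as well would process the request a second time.
                    return;
                }
                // No remembered URL (e.g. the session changed during the round trip):
                // the user is authenticated, so serve the current request instead.
            }
        }

        if (userInfo == null) {
            auth(request, response);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /**
     * Verifies and decrypts a ticket and stores the resulting user in the session.
     *
     * @param httpSession session that receives the {@code loginName} and {@code userInfo}
     *     attributes on success
     * @param str compact serialization of the signed ticket
     * @return the populated user, or {@code null} if verification, decryption or claim
     *     parsing fails for any reason
     */
    private UserInfo assembleUser(HttpSession httpSession, String str) {
        try {
            // Outer layer: JWS checked against the configured signing key.
            JsonWebSignature jws = new JsonWebSignature();
            jws.setCompactSerialization(str);
            jws.setKey(SIGN_KEY);
            if (!jws.verifySignature()) {
                throw new Exception("JWT verification failed");
            }

            // Inner layer: the JWS payload is itself a compact JWE.
            String encryptedPayload = new String(Base64.decode(jws.getEncodedPayload()), StandardCharsets.UTF_8);
            Map<String, Object> jwkParams = new HashMap<>();
            jwkParams.put("kty", "oct");
            jwkParams.put("k", this.decryptionKey);
            JsonWebKey jwk = JsonWebKey.Factory.newJwk(jwkParams);
            JsonWebEncryption jwe = new JsonWebEncryption();
            jwe.setCompactSerialization(encryptedPayload);
            jwe.setKey(new AesKey(jwk.getKey().getEncoded()));

            Map<String, Object> claims = JsonUtil.parseJson(jwe.getPlaintextString());

            // A missing or non-numeric "sex"/"original" claim, or a non-string value in
            // any of the string claims, throws here and the ticket is rejected as a whole.
            UserInfo userInfo = new UserInfo();
            userInfo.setSex(Integer.valueOf(String.valueOf(claims.get("sex"))));
            userInfo.setOriginal(Integer.valueOf(String.valueOf(claims.get("original"))));
            userInfo.setTenantManager(Boolean.valueOf(String.valueOf(claims.get("tenantManager"))));
            userInfo.setLoginName((String) claims.get("loginName"));
            userInfo.setTenantID((String) claims.get("tenantID"));
            userInfo.setTenantLoginName((String) claims.get("tenantLoginName"));
            userInfo.setTenantName((String) claims.get("tenantName"));
            userInfo.setPersonID((String) claims.get("personID"));
            userInfo.setCAID((String) claims.get("CAID"));
            userInfo.setEmail((String) claims.get("email"));
            userInfo.setMobile((String) claims.get("mobile"));
            userInfo.setGuidPath((String) claims.get("guidPath"));
            userInfo.setDn((String) claims.get("dn"));
            userInfo.setLoginType((String) claims.get("loginType"));
            userInfo.setName((String) claims.get("name"));
            userInfo.setParentID((String) claims.get("parentID"));
            userInfo.setIDNum((String) claims.get("IDNum"));
            userInfo.setAvator((String) claims.get("avator"));
            userInfo.setPersonType((String) claims.get("personType"));
            userInfo.setIsValidateIE((String) claims.get("isValidateIE"));
            userInfo.setOriginalID((String) claims.get("originalID"));
            userInfo.setRoles((String) claims.get("roles"));

            // Session state is written only after every claim parsed, so a rejected
            // ticket leaves the session untouched.
            httpSession.setAttribute("loginName", (String) claims.get("loginName"));
            httpSession.setAttribute(USER_SESSION_NAME, userInfo);
            UserInfolHolder.setUserInfo(userInfo);
            return userInfo;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Remembers the requested URL in the session and redirects to the SSO login page.
     *
     * @throws IOException if the redirect cannot be sent
     */
    public void auth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HttpSession session = httpServletRequest.getSession();
        String query = httpServletRequest.getQueryString();
        String target = SERVER_NAME + httpServletRequest.getRequestURI() + (query != null ? "?" + query : "");
        session.setAttribute(REDIRECT_URI_ATTR, target);
        // Encode the service value: left raw, an '&' or '#' in the caller's query string
        // would end the parameter early and let request-supplied text become extra
        // parameters of the SSO login URL.
        httpServletResponse.sendRedirect(SSO_SERVER_LOGIN_URL + "?service=" + URLEncoder.encode(target, StandardCharsets.UTF_8.name()));
    }
}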
