package com.chinacreator.asp.comp.sys.oauth2.sso.client.filter;

import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.chinacreator.asp.comp.sys.oauth2.OAuth2Credential;
import com.chinacreator.asp.comp.sys.oauth2.OAuth2CredentialFactory;
import com.chinacreator.asp.comp.sys.oauth2.common.Credential;
import com.chinacreator.asp.comp.sys.oauth2.common.CredentialConfiguration;
import com.chinacreator.asp.comp.sys.oauth2.common.CredentialStore;
import com.chinacreator.asp.comp.sys.oauth2.common.exceptions.InvalidTokenException;
import com.chinacreator.asp.comp.sys.oauth2.common.exceptions.LoginExpiredException;
import com.chinacreator.asp.comp.sys.oauth2.common.exceptions.UnExpectedException;
import com.chinacreator.asp.comp.sys.oauth2.common.util.CORSUtil;
import com.chinacreator.asp.comp.sys.oauth2.common.util.CookieUtil;
import com.chinacreator.asp.comp.sys.oauth2.common.util.HeaderUtil;
import com.chinacreator.asp.comp.sys.oauth2.common.util.SSOUtils;
import com.chinacreator.asp.comp.sys.oauth2.common.util.StringUtils;
import com.chinacreator.asp.comp.sys.oauth2.resourceserver.bean.UrlResource;
import com.chinacreator.asp.comp.sys.oauth2.resourceserver.cache.UrlPermissionResourceCache;
import com.chinacreator.asp.comp.sys.oauth2.resourceserver.util.AntPathMatcher;
import com.chinacreator.asp.comp.sys.oauth2.resourceserver.util.ApiGatewayRequestor;
import com.chinacreator.asp.comp.sys.oauth2.resourceserver.util.URLResourceType;
import com.chinacreator.c2.logger.C2Slf4jLogger;
import com.chinacreator.c2.logger.LoggerConstants;
import com.chinacreator.c2.logger.OpLogObject;
import com.chinacreator.c2.sysmgr.User;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.ParameterStyle;
import org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest;
import org.json.JSONObject;

/* loaded from: input_file:com/chinacreator/asp/comp/sys/oauth2/sso/client/filter/OAuth2SSOFilter.class */
public class OAuth2SSOFilter implements Filter {
    // Error-type code placed in the "errorType" field of the JSON body when a login has expired.
    public static final String ERROR_TYPE_LOGIN_EXPIRED = "login_expired";
    // Project helper used below for the anonymous-URL checks and for computing login/logout redirect URLs.
    private SSOUtils oAuth2SSOService = SSOUtils.getOAuth2SSOService();

    /**
     * Initialises the credential configuration from the filter configuration and, when
     * resource authorization is enabled, initialises the URL permission resource cache.
     *
     * @param filterConfig the filter configuration supplied by the servlet container
     */
    public void init(FilterConfig filterConfig) {
        CredentialConfiguration.init(filterConfig);
        boolean resourceAuthorizationOn = CredentialConfiguration.isResourceAuthorizationEnabled();
        if (!resourceAuthorizationOn) {
            return;
        }
        UrlPermissionResourceCache.getInstance().init();
    }

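    /**
     * Entry point of the SSO filter. Each request is routed, in this order, to: the chain
     * directly (static-resource and SPI anonymous URLs), the optional-credential path
     * (configured anonymous URLs), one of the built-in SSO endpoints, or the authenticated path.
     *
     * <p>The current credential held by {@link CredentialStore} is always cleared when the
     * request finishes, whether it succeeded or threw.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      if writing a response fails
     * @throws ServletException if a downstream filter or handler fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        long startMillis = System.currentTimeMillis();
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        CORSUtil.addCORSHeaders(request, response);
        String contextPath = request.getContextPath();
        // NOTE(review): getRequestURI() is the request URI as sent by the client. Every routing and
        // anonymous-URL decision below is taken on this string, so the matchers behind the
        // isAnonUrlBy* calls (not visible in this file) must interpret the path the same way the
        // downstream servlet or framework does; confirm they do.
        String requestURI = request.getRequestURI();
        if (!StringUtils.isEmpty(contextPath) && !StringUtils.isEmpty(requestURI) && !AntPathMatcher.DEFAULT_PATH_SEPARATOR.equals(contextPath)) {
            requestURI = requestURI.substring(contextPath.length());
        }
        try {
            if (this.oAuth2SSOService.isAnonUrlByStaticRes(request, requestURI)) {
                filterChain.doFilter(request, response);
            } else if (this.oAuth2SSOService.isAnonUrlBySpi(request, requestURI)) {
                filterChain.doFilter(request, response);
            } else if (this.oAuth2SSOService.isAnonUrlByConfig(requestURI)) {
                doAonoUrlFilter(request, response, filterChain);
            } else if ("/sso/v1/accesslog".equals(requestURI)) {
                // The "uri" value comes from the caller, so the resulting log entry records what
                // the client reports having visited, not a request this filter observed.
                String reportedUri = request.getParameter("uri");
                // Compare by content: a reference comparison against "" is true for any
                // parameter value, including an empty one.
                if (reportedUri != null && !reportedUri.isEmpty()) {
                    UrlResource matchedResource = UrlPermissionResourceCache.getInstance().getMatchedResourceIdWithUri(reportedUri);
                    if (matchedResource != null) {
                        // getCredential writes the failure response itself and returns null.
                        Credential credential = getCredential(request, response, filterChain);
                        if (credential != null) {
                            CredentialStore.setCurrCredential(credential);
                            insertAccessLog(request, matchedResource, Long.valueOf(startMillis));
                        }
                    }
                }
            } else if ("/oauth2-login".equals(requestURI)) {
                doOAuth2LoginFilter(request, response, filterChain);
            } else if ("/oauth2-logout".equals(requestURI)) {
                doOAuth2LogoutFilter(request, response, filterChain);
            } else if ("/oauth2/refresh_token".equals(requestURI)) {
                doRefreshToken(request, response, filterChain);
            } else if ("/ws/getSubject".equals(requestURI)) {
                doGetSubject(request, response, filterChain);
            } else if ("/ws/logout".equals(requestURI)) {
                doClientLogout(request, response);
            } else {
                doAuthcFilter(request, response, filterChain, Long.valueOf(startMillis));
            }
        } finally {
            // Never let a credential outlive the request that established it.
            CredentialStore.clearCurrCredential();
        }
    }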

    /**
     * Extracts the access token of a request: first from the OAuth header and, when that
     * yields nothing, from the {@code C2AT} cookie.
     *
     * <p>NOTE(review): a token taken from a cookie is attached by the browser automatically, so
     * cross-site request protection depends on how {@code CookieUtil} sets that cookie, which is
     * not visible here.
     *
     * @param httpServletRequest the current request
     * @return the token from the header if non-empty, otherwise whatever the cookie lookup returns
     */
    private String getAccessToken(HttpServletRequest httpServletRequest) {
        String headerToken = null;
        try {
            OAuthAccessResourceRequest resourceRequest = new OAuthAccessResourceRequest(httpServletRequest, new ParameterStyle[]{ParameterStyle.HEADER});
            headerToken = resourceRequest.getAccessToken();
        } catch (OAuthProblemException ignored) {
            // No usable header token: fall back to the cookie below.
        } catch (OAuthSystemException ignored) {
            // Same fallback as above.
        }
        if (!StringUtils.isEmpty(headerToken)) {
            return headerToken;
        }
        return CookieUtil.getCookieByName(httpServletRequest, "C2AT");
    }

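    /**
     * Resolves the credential of a request from its access token and, when that fails, renews
     * it with the refresh token stored in the {@code C2RT} cookie.
     *
     * <p>On a successful renewal the {@code C2AT} and {@code C2RT} cookies are rewritten on the
     * response, so this method has side effects even though its name suggests a lookup.
     *
     * <p>Security notes:
     * <ul>
     *   <li>Any access-token verification failure other than "not yet valid" is handled like a
     *       missing token and falls back to the refresh cookie. The only trace is a line on
     *       {@code System.err} carrying no request context, so rejected tokens are hard to
     *       attribute or alert on; routing these through the application logger with the
     *       client address would help detection.</li>
     *   <li>The "not yet valid" case is recognised by the prefix of the library's exception
     *       message, which ties the behaviour to that library's wording.</li>
     * </ul>
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response on which renewed cookies are set
     * @return the resolved credential
     * @throws LoginExpiredException if no credential is present or the renewed token is rejected as expired
     * @throws UnExpectedException   if renewal yields nothing or the renewed token fails verification
     * @throws InvalidTokenException if the presented access token is not yet valid
     */
    public Credential tryGetCredential(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws LoginExpiredException, UnExpectedException, InvalidTokenException {
        Credential credential = null;
        try {
            credential = OAuth2CredentialFactory.getCredentialByAccessToken(getAccessToken(httpServletRequest), HeaderUtil.isAPIRequest(httpServletRequest));
        } catch (TokenExpiredException expired) {
            // TokenExpiredException is a subtype of JWTVerificationException, so it has to be
            // caught first to be reachable. An expired access token is the normal trigger for
            // the refresh path below.
        } catch (JWTVerificationException e) {
            System.err.println("jwt token 校验失败............................系统当前时间为：" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()));
            System.err.println(e.getMessage());
            if (StringUtils.startsWithIgnoreCase(e.getMessage(), "The Token can't be used before")) {
                throw new InvalidTokenException("凭证校验失败：" + e.getMessage(), e);
            }
        } catch (NullPointerException noToken) {
            // presumably raised when no access token was supplied; handled as "no credential"
        }
        if (null == credential) {
            String refreshToken = CookieUtil.getCookieByName(httpServletRequest, "C2RT");
            if (StringUtils.isEmpty(refreshToken)) {
                throw new LoginExpiredException("没有找到任何凭证");
            }
            OAuth2Credential renewed = OAuth2CredentialFactory.getCredentialByRefreshToken(refreshToken);
            if (null == renewed) {
                throw new UnExpectedException("更新用户凭证时时发生了未知错误，请稍候再试或联系管理员检查应用状态");
            }
            CookieUtil.setCookie(httpServletRequest, httpServletResponse, "C2AT", renewed.getAccessToken(), -1);
            CookieUtil.setCookie(httpServletRequest, httpServletResponse, "C2RT", renewed.getRefreshToken(), getRTMaxAge(renewed));
            try {
                // The freshly issued access token is verified like any other before it is trusted.
                credential = OAuth2CredentialFactory.getCredentialByAccessToken(renewed.getAccessToken(), false);
            } catch (NullPointerException e4) {
                throw new UnExpectedException("从认证服务器获取的token为空，请联系管理员");
            } catch (TokenExpiredException e5) {
                System.err.println("jwt token 校验失败............................系统当前时间为：" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()));
                System.err.println(e5.getMessage());
                throw new LoginExpiredException("新生成的token已过期，认证失败，很有可能是由后端各服务器之间时间不同步引起的，请联系管理员检查环境!");
            } catch (JWTVerificationException e6) {
                System.err.println("jwt token 校验失败............................系统当前时间为：" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()));
                System.err.println(e6.getMessage());
                String message = e6.getMessage();
                if (StringUtils.startsWithIgnoreCase(message, "The Token can't be used before")) {
                    throw new LoginExpiredException("新生成的token已过期，认证失败，很有可能是由后端各服务器之间时间不同步引起的，请联系管理员检查环境!");
                }
                throw new UnExpectedException("新生成的token签名校验未通过，请联系管理员检查配置，错误信息：" + message);
            }
        }
        return credential;
    }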

    /**
     * Variant of {@link #tryGetCredential} that never throws: any exception is swallowed and
     * reported as "no credential".
     *
     * <p>Because every failure is mapped to {@code null}, callers cannot tell a missing
     * credential from a rejected one.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response passed through to {@link #tryGetCredential}
     * @return the resolved credential, or {@code null} if resolution failed for any reason
     */
    public Credential tryGetCredentialSafe(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Credential resolved;
        try {
            resolved = tryGetCredential(httpServletRequest, httpServletResponse);
        } catch (Exception ignored) {
            // Deliberate best effort: anonymous URLs must keep working without a credential.
            resolved = null;
        }
        return resolved;
    }

    /**
     * Handles a URL configured as anonymous: the credential is optional. When one can be
     * resolved it is stored and the authorization SPI's success hook is invoked; otherwise the
     * request simply continues down the chain.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @param filterChain         the remaining filter chain
     * @throws IOException      if a downstream handler fails on I/O
     * @throws ServletException if a downstream handler fails
     */
    public void doAonoUrlFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        Credential optionalCredential = tryGetCredentialSafe(httpServletRequest, httpServletResponse);
        if (optionalCredential != null) {
            CredentialStore.setCurrCredential(optionalCredential);
            CredentialConfiguration.getAuthrizationSpi().onTokenCheckSuccess(httpServletRequest, httpServletResponse, filterChain, optionalCredential);
            return;
        }
        // No usable credential: proceed anonymously.
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

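    /**
     * Exchanges a refresh token for a new credential, rewrites the {@code C2AT}/{@code C2RT}
     * cookies and returns the new tokens and expiry values as JSON.
     *
     * <p>The refresh token is read from the {@code refresh_token} request parameter first and
     * from the {@code C2RT} cookie second. When no token is available, or the exchange fails,
     * the caller is sent to the login page.
     *
     * <p>NOTE(review): a refresh token passed as a request parameter can end up in URLs and in
     * proxy or access logs, and the JSON body hands both tokens to page script; confirm both
     * are required by the clients of this endpoint.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response receiving cookies and the JSON body
     * @param filterChain         the remaining filter chain, passed to the login redirect
     * @throws IOException      if writing the response fails
     * @throws ServletException if the login redirect handler fails
     */
    private void doRefreshToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String refreshToken = httpServletRequest.getParameter("refresh_token");
        if (StringUtils.isEmpty(refreshToken)) {
            refreshToken = CookieUtil.getCookieByName(httpServletRequest, "C2RT");
        }
        if (StringUtils.isEmpty(refreshToken)) {
            redirectToLoginPage(httpServletRequest, httpServletResponse, filterChain, "", "Refresh Token为空，换取新凭证失败");
            return;
        }
        try {
            OAuth2Credential renewed = OAuth2CredentialFactory.getCredentialByRefreshToken(refreshToken);
            if (renewed == null) {
                // tryGetCredential treats a null result as a possible outcome; handle it here
                // as a failed exchange instead of failing with a NullPointerException.
                redirectToLoginPage(httpServletRequest, httpServletResponse, filterChain, "", "Refresh Token换取新凭证失败");
                return;
            }
            CookieUtil.setCookie(httpServletRequest, httpServletResponse, "C2AT", renewed.getAccessToken(), -1);
            CookieUtil.setCookie(httpServletRequest, httpServletResponse, "C2RT", renewed.getRefreshToken(), getRTMaxAge(renewed));
            httpServletResponse.setContentType("application/json;charset=UTF-8");
            // The body carries live tokens, so it must never be stored by browsers or
            // intermediaries (same guidance as RFC 6749 section 5.1 for token responses).
            httpServletResponse.setHeader("Cache-Control", "no-store");
            httpServletResponse.setHeader("Pragma", "no-cache");
            JSONObject payload = new JSONObject();
            payload.put("accessToken", renewed.getAccessToken());
            payload.put("refreshToken", renewed.getRefreshToken());
            payload.put("expires", renewed.getExpires());
            payload.put("reExpires", renewed.getReExpires());
            httpServletResponse.getWriter().write(payload.toString());
            httpServletResponse.flushBuffer();
        } catch (LoginExpiredException e) {
            redirectToLoginPage(httpServletRequest, httpServletResponse, filterChain, "", "Refresh Token换取新凭证失败");
        }
    }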

    /**
     * Answers a client logout call with a JSON object whose {@code result} field holds the
     * logout redirect URL computed for this request. No cookie is touched here.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response receiving the JSON body
     * @throws IOException if writing the response fails
     */
    private void doClientLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        JSONObject payload = new JSONObject();
        String logoutUrl = this.oAuth2SSOService.caculateRedirectLogoutUrl(httpServletRequest);
        payload.put("result", logoutUrl);
        String body = payload.toString();
        httpServletResponse.getWriter().write(body);
        httpServletResponse.flushBuffer();
    }

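    /**
     * Handles the OAuth2 login callback: reports an error passed back by the authorization
     * server, or exchanges the authorization {@code code} for a credential, verifies the new
     * access token, sets the {@code C2AT}/{@code C2RT} cookies and hands over to the
     * authentication SPI.
     *
     * <p>Security notes:
     * <ul>
     *   <li>{@code errorMessage} and {@code code} are request-controlled and are passed to
     *       {@link #handleLoginError}, which writes into a {@code text/html} response; they
     *       must be HTML-escaped at that sink.</li>
     *   <li>NOTE(review): no {@code state} parameter check is visible in this method; confirm
     *       the callback is bound to the browser session that started the login, either in
     *       {@code OAuth2CredentialFactory} or in the authentication SPI.</li>
     * </ul>
     *
     * @param httpServletRequest  the callback request
     * @param httpServletResponse the response receiving cookies or the error page
     * @param filterChain         the remaining filter chain, passed to the SPI
     * @throws IOException      if writing the response fails
     * @throws ServletException if an SPI handler fails
     */
    private void doOAuth2LoginFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String errorCode = httpServletRequest.getParameter("errorCode");
        String errorMessage = httpServletRequest.getParameter("errorMessage");
        if (null != errorCode && !errorCode.trim().equals("")) {
            // Only an explicit denial offers the logout URL as the retry target.
            String retryUrl = "access_denied".equals(errorCode) ? this.oAuth2SSOService.caculateRedirectLogoutUrl(httpServletRequest) : null;
            // errorMessage is optional; a null would make the response writer throw.
            handleLoginError(httpServletResponse, errorMessage == null ? "" : errorMessage, retryUrl);
            return;
        }
        String code = httpServletRequest.getParameter("code");
        try {
            if (StringUtils.isEmpty(code)) {
                handleLoginError(httpServletResponse, "没有授权码", null);
                // Stop here: without a code there is nothing to exchange.
                return;
            }
            OAuth2Credential credentialByCode = OAuth2CredentialFactory.getCredentialByCode(code);
            if (credentialByCode == null) {
                // Treat an empty exchange result like an invalid code rather than dereferencing it.
                handleLoginError(httpServletResponse, "授权码[" + code + "]无效，认证失败", this.oAuth2SSOService.caculateRedirectLoginUrl(httpServletRequest));
                return;
            }
            // Called for its verification effect only: it throws when the new token is rejected.
            OAuth2CredentialFactory.getCredentialByAccessToken(credentialByCode.getAccessToken(), false);
            CookieUtil.setCookie(httpServletRequest, httpServletResponse, "C2AT", credentialByCode.getAccessToken(), -1);
            CookieUtil.setCookie(httpServletRequest, httpServletResponse, "C2RT", credentialByCode.getRefreshToken(), getRTMaxAge(credentialByCode));
            CredentialStore.setCurrCredential(credentialByCode);
            CredentialConfiguration.getAuthenticateSpi().onAuthenticateSuccessHandler(httpServletRequest, httpServletResponse, filterChain, credentialByCode);
        } catch (OAuthProblemException e) {
            handleLoginError(httpServletResponse, "授权码[" + code + "]无效，认证失败", this.oAuth2SSOService.caculateRedirectLoginUrl(httpServletRequest));
        } catch (TokenExpiredException e4) {
            // Subtype of JWTVerificationException: must be caught first so that an expired
            // token gets the clock-skew message instead of the generic one.
            System.err.println("jwt token 校验失败............................系统当前时间为：" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()));
            System.err.println(e4.getMessage());
            handleLoginError(httpServletResponse, "新生成的token已失效，认证失败，很有可能是由后端服务器时间晚于授权服务器时间，请联系管理员同步时间服务器!", this.oAuth2SSOService.caculateRedirectLoginUrl(httpServletRequest));
        } catch (JWTVerificationException e2) {
            System.err.println("jwt token 校验失败............................系统当前时间为：" + new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date()));
            System.err.println(e2.getMessage());
            String message = e2.getMessage();
            if (StringUtils.startsWithIgnoreCase(message, "The Token can't be used before")) {
                handleLoginError(httpServletResponse, "新生成的token已失效，认证失败，很有可能是由后端服务器时间早于授权服务器时间，请联系管理员同步时间服务器!", this.oAuth2SSOService.caculateRedirectLoginUrl(httpServletRequest));
            } else {
                handleLoginError(httpServletResponse, "校验新生成的Token时发生未知错误，请联系管理员检查，错误信息：" + message, this.oAuth2SSOService.caculateRedirectLoginUrl(httpServletRequest));
            }
        } catch (OAuthSystemException e3) {
            CredentialConfiguration.getAuthenticateSpi().onServerFailedHandler(httpServletRequest, httpServletResponse, e3, filterChain, this.oAuth2SSOService.caculateRedirectLogoutUrl(httpServletRequest));
        }
    }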

    /**
     * Handles the OAuth2 logout callback: reports an error passed back with the request, or
     * removes the {@code C2AT}/{@code C2RT} cookies and hands over to the authentication SPI's
     * logout hook with the login URL.
     *
     * <p>{@code errorMessage} is request-controlled and is passed to {@link #handleLoginError},
     * which writes into a {@code text/html} response.
     *
     * @param httpServletRequest  the callback request
     * @param httpServletResponse the response on which cookies are removed
     * @param filterChain         the remaining filter chain, passed to the SPI
     * @throws IOException      if writing the response fails
     * @throws ServletException if the SPI handler fails
     */
    private void doOAuth2LogoutFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String errorCode = httpServletRequest.getParameter("errorCode");
        String errorMessage = httpServletRequest.getParameter("errorMessage");
        boolean serverReportedError = null != errorCode && !errorCode.trim().equals("");
        if (serverReportedError) {
            handleLoginError(httpServletResponse, errorMessage, null);
            return;
        }
        for (String cookieName : new String[]{"C2AT", "C2RT"}) {
            CookieUtil.removeCookie(httpServletRequest, httpServletResponse, cookieName);
        }
        String loginUrl = this.oAuth2SSOService.caculateRedirectLoginUrl(httpServletRequest);
        CredentialConfiguration.getAuthenticateSpi().onServerLogoutHandler(httpServletRequest, httpServletResponse, filterChain, loginUrl);
    }

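    /**
     * Returns the current user's information, together with the access token, as JSON.
     *
     * <p>When route authorization is disabled the credential is additionally checked with
     * {@code introspect()}; a failed check, or an expired login, sends the caller to the login
     * page. Other credential failures produce an access-denied response.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response receiving the JSON body
     * @param filterChain         the remaining filter chain, passed to the login redirect
     * @throws IOException      if writing the response fails
     * @throws ServletException if the login redirect handler fails
     */
    private void doGetSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            Credential credential = tryGetCredential(httpServletRequest, httpServletResponse);
            if (!CredentialConfiguration.isRouteAuthorizationEnabled() && !credential.introspect()) {
                redirectToLoginPage(httpServletRequest, httpServletResponse, filterChain, ERROR_TYPE_LOGIN_EXPIRED, "用户本次登录已失效，需重新认证");
                return;
            }
            httpServletResponse.setContentType("application/json;charset=UTF-8");
            // The body contains the access token and user details: keep it out of every cache.
            httpServletResponse.setHeader("Cache-Control", "no-store");
            httpServletResponse.setHeader("Pragma", "no-cache");
            JSONObject subject = new JSONObject((Map) credential.getUserInfo());
            subject.put("accessToken", credential.getAccessToken());
            httpServletResponse.getWriter().write(subject.toString());
            httpServletResponse.flushBuffer();
        } catch (LoginExpiredException e) {
            redirectToLoginPage(httpServletRequest, httpServletResponse, filterChain, ERROR_TYPE_LOGIN_EXPIRED, "用户本次登录已失效，需重新认证");
        } catch (InvalidTokenException e2) {
            accessDenied(httpServletResponse, "凭证校验失败：" + e2.getMessage());
        } catch (UnExpectedException e3) {
            accessDenied(httpServletResponse, e3.getMessage());
        }
    }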

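    /**
     * Authenticated path: resolves the credential, applies resource authorization when it is
     * enabled, then either hands the request to the authorization SPI or, for the batch
     * permission endpoint, answers with a JSON map of permission expression to verdict.
     *
     * <p>A permission expression whose check throws is reported as not permitted (fail closed).
     *
     * <p>NOTE(review): the batch endpoint is recognised by a substring match on the request
     * URI, so any URI containing {@code ws/isPermitedByBatch} takes that branch; an exact path
     * comparison would be stricter.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @param filterChain         the remaining filter chain, passed to the SPI
     * @param l                   request start time in milliseconds, forwarded for access logging
     * @throws IOException      if writing the response fails
     * @throws ServletException if a downstream handler fails
     */
    private void doAuthcFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Long l) throws IOException, ServletException {
        Credential credential = getCredential(httpServletRequest, httpServletResponse, filterChain);
        if (credential == null) {
            // getCredential has already written the failure response.
            return;
        }
        CredentialStore.setCurrCredential(credential);
        boolean resourceAuthorizationOn = CredentialConfiguration.isResourceAuthorizationEnabled();
        if (resourceAuthorizationOn && !doResourceAuthcFilter(httpServletRequest, httpServletResponse, l)) {
            // Denied: doResourceAuthcFilter has already written the response.
            return;
        }
        if (httpServletRequest.getRequestURI().indexOf("ws/isPermitedByBatch") == -1) {
            CredentialConfiguration.getAuthrizationSpi().onTokenCheckSuccess(httpServletRequest, httpServletResponse, filterChain, credential);
            return;
        }
        Map<String, Boolean> verdicts = new HashMap<String, Boolean>();
        Object[] roles = (Object[]) CredentialStore.getCurrCredential().getUserInfo().get("roles");
        // The parameter is request-controlled and may be absent; an absent list yields an
        // empty result instead of a NullPointerException.
        String[] expressions = (String[]) httpServletRequest.getParameterMap().get("permExpr[]");
        if (expressions != null) {
            for (String expression : expressions) {
                boolean permitted;
                if (!resourceAuthorizationOn) {
                    permitted = true;
                } else {
                    try {
                        permitted = isPermitted(roles, expression);
                    } catch (Exception e) {
                        // Fail closed when the permission check itself breaks.
                        permitted = false;
                    }
                }
                verdicts.put(expression, permitted);
            }
        }
        JSONObject payload = new JSONObject();
        payload.put("result", (Map) verdicts);
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.getWriter().write(payload.toString());
        httpServletResponse.flushBuffer();
    }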

    /**
     * Resolves the credential of a request and converts every failure into a response:
     * an expired login goes to the login page, the other failures produce an access-denied
     * response.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the failure output, if any
     * @param filterChain         the remaining filter chain, passed to the login redirect
     * @return the credential, or {@code null} when a failure response has already been written
     * @throws IOException      if writing the response fails
     * @throws ServletException if the login redirect handler fails
     */
    private Credential getCredential(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        Credential resolved = null;
        try {
            resolved = tryGetCredential(httpServletRequest, httpServletResponse);
        } catch (LoginExpiredException expired) {
            redirectToLoginPage(httpServletRequest, httpServletResponse, filterChain, ERROR_TYPE_LOGIN_EXPIRED, "用户未登录或已超时");
        } catch (InvalidTokenException invalid) {
            accessDenied(httpServletResponse, "凭证校验失败：" + invalid.getMessage());
        } catch (UnExpectedException unexpected) {
            accessDenied(httpServletResponse, unexpected.getMessage());
        }
        return resolved;
    }

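    /**
     * Applies resource-level authorization to the current request using the roles of the
     * current credential.
     *
     * <p>NOTE(review): this check is permissive by construction. The request is allowed without
     * any permission lookup when the user info has no {@code roles} entry, when the roles array
     * is null or empty, or when no registered resource matches the request. A credential that
     * carries no roles therefore passes, whereas one with roles is checked; confirm this is the
     * intended policy.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the denial output, if any
     * @param l                   request start time in milliseconds, used for the access log
     * @return {@code true} if the request may proceed; {@code false} if a denial response was written
     * @throws UnsupportedEncodingException declared for the response-writing helpers
     * @throws IOException                  if the permission call or writing the response fails
     */
    private boolean doResourceAuthcFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Long l) throws UnsupportedEncodingException, IOException {
        if (!CredentialStore.getCurrCredential().getUserInfo().containsKey("roles")) {
            return true;
        }
        // The context-path stripping that used to sit here discarded its result and was never
        // read; the resource is matched from the request object itself.
        UrlResource matchedResource = UrlPermissionResourceCache.getInstance().getMatchedResourceId(httpServletRequest);
        if (matchedResource == null) {
            return true;
        }
        Object[] roles = (Object[]) CredentialStore.getCurrCredential().getUserInfo().get("roles");
        if (roles == null || roles.length == 0) {
            return true;
        }
        if (isPermitted(roles, matchedResource.getId())) {
            insertAccessLog(httpServletRequest, matchedResource, l);
            return true;
        }
        if (matchedResource.getType().equals(URLResourceType.INNERSERVICE)) {
            // Service calls get a JSON 403 rather than an HTML page.
            forbiddenCall(httpServletRequest, httpServletResponse, "", "用户未授权服务调用权限.");
            return false;
        }
        redirectToUnAuthorizedPage(httpServletRequest, httpServletResponse);
        return false;
    }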

    /**
     * Writes a "visit" operation-log entry for a resource of type {@code FUNCTION}, attributed
     * to the user of the current credential. Resources of any other type are not logged.
     *
     * <p>The entry is always recorded with the success status; the latency is the time elapsed
     * since {@code l}.
     *
     * @param httpServletRequest the current request, passed to the logger
     * @param urlResource        the resource being recorded
     * @param l                  request start time in milliseconds
     */
    private void insertAccessLog(HttpServletRequest httpServletRequest, UrlResource urlResource, Long l) {
        if (!urlResource.getType().equals(URLResourceType.FUNCTION)) {
            return;
        }
        User currentUser = CredentialStore.getCurrCredential().getUserInfo();
        OpLogObject entry = new OpLogObject();
        entry.setUserId(currentUser.getId());
        entry.setUserName(currentUser.getRealname());
        entry.setOpType("visit");
        entry.setObjType("function");
        entry.setObjId(urlResource.getId());
        entry.setObjName(urlResource.getName());
        entry.setOpstatus(LoggerConstants.OP_STATUS_SUCCESS);
        entry.setLatency(System.currentTimeMillis() - l.longValue());
        String description = "您访问了[" + urlResource.getName() + "]功能,该功能的访问路径为：" + urlResource.getUri();
        entry.setContent(description);
        C2Slf4jLogger.logOperation(entry, httpServletRequest);
    }

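    /**
     * Writes a 403 response whose JSON body carries an error type and description.
     *
     * <p>The body is labelled {@code text/plain} for user agents that look like Internet
     * Explorer and {@code application/json} otherwise.
     *
     * @param httpServletRequest  the current request, inspected for its User-Agent header
     * @param httpServletResponse the response to write
     * @param str                 value of the {@code errorType} field
     * @param str2                value of the {@code errorDescription} field
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     * @throws IOException                  if writing the response fails
     */
    private void forbiddenCall(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws UnsupportedEncodingException, IOException {
        httpServletResponse.setStatus(403);
        // The header is client-supplied and optional: a missing value must not turn the
        // denial into a server error. Locale.ROOT keeps the match independent of the JVM locale.
        String rawUserAgent = httpServletRequest.getHeader("User-Agent");
        String userAgent = rawUserAgent == null ? "" : rawUserAgent.toLowerCase(java.util.Locale.ROOT);
        boolean looksLikeIe = userAgent.contains("msie") || (userAgent.contains("gecko") && userAgent.contains("rv:11"));
        httpServletResponse.setContentType(looksLikeIe ? "text/plain;charset=UTF-8" : "application/json;charset=UTF-8");
        // Headers are set before the body so they cannot be lost if the response commits.
        httpServletResponse.setHeader("Cache-Control", "private, no-store, no-cache, must-revalidate");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);
        JSONObject payload = new JSONObject();
        payload.put("errorType", str);
        payload.put("errorDescription", str2);
        httpServletResponse.getOutputStream().write(payload.toString().getBytes("UTF-8"));
    }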

    /**
     * Asks the permission service, through {@code ApiGatewayRequestor}, whether the given roles
     * are permitted for one permission identifier.
     *
     * <p>NOTE(review): the result is permissive when the service gives no verdict. A null or
     * empty answer, or one without an entry for {@code str}, is treated as permitted. Confirm
     * that "no answer" should mean "allow".
     *
     * <p>NOTE(review): role codes are concatenated into the query string as-is; whether
     * {@code ApiGatewayRequestor.doPost} encodes them is not visible here.
     *
     * @param objArr the role codes of the current user; each is rendered with {@code toString()}
     * @param str    the permission or resource identifier to check
     * @return the service's verdict for {@code str}, or {@code true} when it supplies none
     * @throws JsonParseException   if the service answer is not valid JSON
     * @throws JsonMappingException if the service answer cannot be mapped
     * @throws IOException          if the call or the parsing fails on I/O
     */
    private boolean isPermitted(Object[] objArr, String str) throws JsonParseException, JsonMappingException, IOException {
        StringBuilder query = new StringBuilder();
        for (int idx = 0; idx < objArr.length; idx++) {
            query.append(idx == 0 ? "?roleCode=" : "&roleCode=").append(objArr[idx].toString());
        }
        ObjectMapper mapper = new ObjectMapper();
        Map verdicts = (Map) mapper.readValue(ApiGatewayRequestor.doPost("/aip/v1/permissions/verify" + query.toString(), mapper.writeValueAsString(Arrays.asList(str))), mapper.getTypeFactory().constructParametricType(Map.class, new Class[]{String.class, Boolean.class}));
        boolean noVerdict = verdicts == null || verdicts.size() == 0 || !verdicts.containsKey(str);
        if (noVerdict) {
            return true;
        }
        Boolean verdict = (Boolean) verdicts.get(str);
        return verdict.booleanValue();
    }

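    /**
     * Writes a static HTML "403, Unauthorized Access" page with status 403 and headers that
     * forbid caching.
     *
     * <p>Despite its name this method does not redirect; it renders the page on the current
     * response.
     *
     * @param httpServletRequest  the current request (not read)
     * @param httpServletResponse the response to write
     * @throws UnsupportedEncodingException declared for compatibility with existing callers
     * @throws IOException                  if writing the response fails
     */
    public void redirectToUnAuthorizedPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws UnsupportedEncodingException, IOException {
        // The page announces a 403, so the status line must say the same; otherwise clients,
        // proxies and monitoring see a successful response for a denied request.
        httpServletResponse.setStatus(403);
        httpServletResponse.setContentType("text/html");
        // Encoding and headers take effect only if set before the writer is obtained and
        // before the response commits.
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setHeader("Cache-Control", "private, no-store, no-cache, must-revalidate");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);
        PrintWriter writer = httpServletResponse.getWriter();
        writer.println("<html lang=\"en\">");
        writer.println("<head>");
        writer.println("<meta charset=\"UTF-8\">");
        writer.println("<title></title>");
        writer.println("</head>");
        writer.println("<body>");
        writer.println("<div style=\"width:100%;height:500px;display: flex;justify-content: center; align-items: center;\">");
        writer.println("<div>");
        writer.println("<img src=\"#\" alt=\"\" style=\"\">");
        writer.println("<p style=\"text-align: center;color: #0f60be;font-weight: 500;font-size: 30px;display: block;\">403,Unauthorized Access</p>");
        writer.println("</div>");
        writer.println("</div>");
        writer.println("</body>");
        writer.println("</html>");
    }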

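    /**
     * Ends the current login: removes the {@code C2AT}/{@code C2RT} cookies and tells the
     * client to authenticate again, then notifies the authorization SPI's failure hook.
     *
     * <p>AJAX and API requests receive the configured "unauthorized" status, a JSON error body
     * and the login URL in the {@code loginurl} header. Other requests receive a 307 redirect
     * to the login URL with the original path and query appended as {@code backUrl}.
     *
     * <p>NOTE(review): {@code backUrl} is derived from the request path and query, so whatever
     * consumes it after login must accept only same-origin relative targets.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response to write
     * @param filterChain         the remaining filter chain, passed to the SPI
     * @param str                 value of the {@code errorType} field for AJAX/API responses
     * @param str2                value of the {@code errorDescription} field for AJAX/API responses
     * @throws IOException      if writing the response fails
     * @throws ServletException if the SPI handler fails
     */
    public void redirectToLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, String str, String str2) throws IOException, ServletException {
        CookieUtil.removeCookie(httpServletRequest, httpServletResponse, "C2AT");
        CookieUtil.removeCookie(httpServletRequest, httpServletResponse, "C2RT");
        String loginUrl = this.oAuth2SSOService.caculateRedirectLoginUrl(httpServletRequest);
        if (HeaderUtil.isAJAXRequest(httpServletRequest) || HeaderUtil.isAPIRequest(httpServletRequest)) {
            httpServletResponse.setStatus(CredentialConfiguration.getUnauthorizedStatus());
            // This path is reachable without authentication and the header is optional: a
            // missing User-Agent must not turn the response into a server error.
            String rawUserAgent = httpServletRequest.getHeader("User-Agent");
            String userAgent = rawUserAgent == null ? "" : rawUserAgent.toLowerCase(java.util.Locale.ROOT);
            boolean looksLikeIe = userAgent.contains("msie") || (userAgent.contains("gecko") && userAgent.contains("rv:11"));
            httpServletResponse.setContentType(looksLikeIe ? "text/plain;charset=UTF-8" : "application/json;charset=UTF-8");
            // Headers are set before the body so they cannot be lost if the response commits.
            httpServletResponse.setHeader("Cache-Control", "private, no-store, no-cache, must-revalidate");
            httpServletResponse.setHeader("Pragma", "no-cache");
            httpServletResponse.setDateHeader("Expires", 0L);
            httpServletResponse.setHeader("nologin", "c2login");
            httpServletResponse.setHeader("loginurl", loginUrl);
            JSONObject payload = new JSONObject();
            payload.put("errorType", str);
            payload.put("errorDescription", str2);
            httpServletResponse.getOutputStream().write(payload.toString().getBytes("UTF-8"));
        } else {
            String contextPath = httpServletRequest.getContextPath();
            String requestURI = httpServletRequest.getRequestURI();
            if (!StringUtils.isEmpty(contextPath) && !StringUtils.isEmpty(requestURI) && !AntPathMatcher.DEFAULT_PATH_SEPARATOR.equals(contextPath)) {
                requestURI = requestURI.substring(contextPath.length());
            }
            String queryString = httpServletRequest.getQueryString();
            if (!StringUtils.isEmpty(queryString)) {
                String decodedQuery;
                try {
                    decodedQuery = URLDecoder.decode(queryString, "utf-8");
                } catch (IllegalArgumentException malformed) {
                    // Malformed percent-encoding in a client-supplied query: keep it verbatim
                    // instead of failing the redirect.
                    decodedQuery = queryString;
                }
                requestURI = requestURI + "?" + decodedQuery;
            }
            if (!StringUtils.isEmpty(requestURI) && !requestURI.equals(AntPathMatcher.DEFAULT_PATH_SEPARATOR)) {
                loginUrl = loginUrl + "?backUrl=" + URLEncoder.encode(requestURI, "utf-8");
            }
            httpServletResponse.setStatus(307);
            httpServletResponse.setHeader("Location", loginUrl);
        }
        CredentialConfiguration.getAuthrizationSpi().onTokenCheckFailed(httpServletRequest, httpServletResponse, filterChain, loginUrl);
    }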

    /**
     * Writes the given message as a {@code text/html} body and sets status 403. An
     * {@link IOException} while writing is swallowed.
     *
     * <p>The message is written without HTML escaping. Callers in this class pass text that
     * includes exception messages, so the message must never carry request-controlled markup.
     *
     * @param servletResponse the response to write; must be an {@link HttpServletResponse}
     * @param str             the message to show
     */
    public void accessDenied(ServletResponse servletResponse, String str) {
        try {
            servletResponse.setContentType("text/html;charset=UTF-8");
            PrintWriter out = servletResponse.getWriter();
            out.write(str);
            HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
            httpResponse.setStatus(403);
        } catch (IOException ignored) {
            // Best effort: the client has most likely gone away.
        }
    }

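    /**
     * Writes a login error as a 403 {@code text/html} response. When a retry URL is given, a
     * five-second {@code refresh} header and a link to that URL are added.
     *
     * <p>Both arguments can carry request-controlled text (for example the
     * {@code errorMessage} and {@code code} parameters of the login callback), so the message
     * is treated as plain text and HTML-escaped, and the URL is escaped before it is placed in
     * the {@code href} attribute.
     *
     * @param servletResponse the response to write; must be an {@link HttpServletResponse}
     * @param str             the error message, as plain text; {@code null} is written as empty
     * @param str2            the retry URL, or {@code null}/blank for none
     * @throws IOException if writing the response fails
     */
    public void handleLoginError(ServletResponse servletResponse, String str, String str2) throws IOException {
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        servletResponse.setContentType("text/html;charset=UTF-8");
        // Status first, so it cannot be lost if the body write commits the response.
        httpResponse.setStatus(403);
        servletResponse.getWriter().write(escapeHtml(str));
        if (null == str2 || str2.trim().equals("")) {
            return;
        }
        httpResponse.setHeader("refresh", "5;url=" + str2);
        servletResponse.getWriter().write("<br/><br/>5秒后自动尝试重新登录，您也可以点击<a href='" + escapeHtml(str2) + "'>这里</a>立即重新登录");
    }

    /** Escapes the characters that are significant in HTML text and quoted attribute values. */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }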

    /**
     * Chooses the max-age passed to {@code CookieUtil.setCookie} for the {@code C2RT} cookie.
     *
     * @param oAuth2Credential the credential whose refresh token is being stored
     * @return the credential's refresh expiry in seconds when its security level is
     *         {@code "0"}, otherwise {@code -1}
     */
    private int getRTMaxAge(OAuth2Credential oAuth2Credential) {
        boolean levelZero = "0".equals(oAuth2Credential.getSecurityLevel());
        return levelZero ? oAuth2Credential.innerGetReExpiresInSeconds().intValue() : -1;
    }

    /** Called by the container when the filter is taken out of service; nothing to release. */
    public void destroy() {
        // Intentionally empty.
    }
}
