package kd.bos.ext.hr.web.filter;

import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kd.bos.actiondispatcher.ActionUtil;
import kd.bos.context.RequestContext;
import kd.bos.dc.api.model.Account;
import kd.bos.exception.KDException;
import kd.bos.exception.LoginErrorCode;
import kd.bos.ext.hr.es.api.common.EsConstants;
import kd.bos.ext.hr.web.constant.HrLoginConstants;
import kd.bos.ext.hr.web.dto.LoginConfigDTO;
import kd.bos.ext.hr.web.dto.SafeUrlDTO;
import kd.bos.ext.hr.web.util.HrFilterUtil;
import kd.bos.ext.hr.web.util.HrGuestUrlUtil;
import kd.bos.ext.hr.web.util.HrUserCacheUtil;
import kd.bos.ext.hr.web.vo.HrUserSessionVO;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.login.LoginClientEnum;
import kd.bos.login.lang.LoginLangUtils;
import kd.bos.login.utils.LoginUtils;
import kd.bos.login.utils.SessionUtils;
import kd.bos.login.utils.ThirdAPIAPPUtils;
import kd.bos.servicehelper.DispatchServiceHelper;
import kd.bos.session.SystemPropertyUtils;
import kd.bos.trace.util.TraceIdUtil;
import kd.bos.util.NetAddressUtils;
import kd.bos.util.RevProxyUtil;
import kd.bos.util.StringUtils;
import kd.bos.util.resource.Resources;
import org.eclipse.jetty.server.Request;

/* loaded from: input_file:kd/bos/ext/hr/web/filter/MobileHtmlFilter.class */
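/**
 * Servlet filter that guards the HR mobile "guest link" entry page.
 *
 * <p>Every request that {@link LoginUtils#isIndexHTML} recognises and that carries a
 * {@code loginConfigNumber} parameter is treated as a guest link. The filter validates the
 * link parameters, optionally checks the link's expiry through the safe-URL service, and then
 * either redirects to the shared login form, redirects straight to the business form when an
 * HR user cookie already matches this exact link, or lets the request continue down the chain.
 *
 * <p>All request-derived values are passed through {@link HrFilterUtil#xssEncode} before use and
 * through {@link HrFilterUtil#crlfFilter} before they are placed in a {@code Location} header.
 * Any unexpected exception is logged and answered with the generic login error JSON.
 */
public class MobileHtmlFilter implements Filter {
    private static final Log LOGGER = LogFactory.getLog(MobileHtmlFilter.class);
    private static final String ERROR_TIP_ILLEGALPARAM = "Illegal link parameter";
    private static final String ERROR_TIP_EMPTYACCOUNTID = "AccountId is necessary";
    /** Form id of the shared guest login page; also the formId value a link uses to request that page. */
    private static final String COMMON_LOGIN_FORMID = "hbss_commonlogin";
    /** The only userId a guest link is allowed to carry. */
    private static final String GUEST_USER_ID = "Guest";
    /** Tenant property that switches the long-URL expiry check on or off (defaults to on). */
    private static final String LONG_URL_TIMEOUT_ENABLE_KEY = "kd.hr.guest.longurltimeout.enable";

    /**
     * Entry point of the filter; see the class comment for the overall flow.
     *
     * @param servletRequest  the current request; must be a Jetty {@link Request} because the
     *                        {@code userId} header is stripped through {@code getMetaData()}
     * @param servletResponse the current response
     * @param filterChain     the remaining chain, invoked only when the request may proceed
     * @throws IOException      when the response cannot be written
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Jetty-specific cast: the servlet API offers no way to drop a request header.
        Request request = (Request) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (!LoginUtils.isIndexHTML(request)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            String loginConfigNumber = HrFilterUtil.xssEncode(request.getParameter("loginConfigNumber"));
            if (StringUtils.isEmpty(loginConfigNumber)) {
                // Not an HR guest link: leave it to the regular login handling.
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            String formId = HrFilterUtil.xssEncode(request.getParameter(HrLoginConstants.FORMID_KEY_MOBILE));
            if (StringUtils.isNotEmpty(formId) && StringUtils.isNotEmpty(request.getHeader("userId"))) {
                // A client-supplied userId header is never trusted on a guest link; presumably this
                // keeps LoginUtils.getParamerter(request, "userId") from being satisfied by a header — confirm.
                request.getMetaData().getFields().remove("userId");
            }
            String accountId = LoginUtils.getParamerter(request, EsConstants.ACCOUNT_ID);
            if (StringUtils.isEmpty(accountId)) {
                writeErrorTip(response, ERROR_TIP_EMPTYACCOUNTID);
                return;
            }
            String bizUserId = HrFilterUtil.xssEncode(request.getParameter("bizUserId"));
            if (StringUtils.isEmpty(bizUserId)) {
                writeErrorTip(response, ERROR_TIP_ILLEGALPARAM);
                return;
            }
            // The login-config service needs a request context; it is cleared again right after the call.
            createGuestRequestContext(request, null);
            LoginConfigDTO loginConfigDTO = (LoginConfigDTO) DispatchServiceHelper.invokeBizService("hrmp", "hbss", "IHBSSLoginService", "getHrLoginConfig", new Object[]{loginConfigNumber});
            if (loginConfigDTO == null) {
                // The number is URL-encoded so the reflected value cannot carry markup or control characters.
                writeErrorTip(response, "loginConfig not found,number=" + URLEncoder.encode(loginConfigNumber, StandardCharsets.UTF_8.toString()));
                return;
            }
            RequestContext.set((RequestContext) null);
            if (StringUtils.isEmpty(formId)) {
                handleEntryLink(request, response, loginConfigDTO, accountId, loginConfigNumber, bizUserId);
                return;
            }
            // Both checks write ERROR_TIP_ILLEGALPARAM themselves when they fail.
            if (!isUserIdValid(request, response) || !isNeedResetValid(request, response)) {
                return;
            }
            if (COMMON_LOGIN_FORMID.equals(formId)) {
                handleCommonLoginPage(request, response, filterChain, accountId, loginConfigNumber, bizUserId);
                return;
            }
            handleBizFormPage(request, response, filterChain, loginConfigDTO, formId, accountId, loginConfigNumber, bizUserId);
        } catch (Exception e) {
            LOGGER.error("MobileHtmlFilterError:", e);
            // NOTE(review): the raw exception message is appended to the client-facing text; a generic
            // message would avoid exposing internal details to callers of a guest link.
            KDException kdException = new KDException(LoginErrorCode.loginBizException, new Object[]{Resources.getString("系统错误，请联系系统管理员！\n", "LoginFilter_3", "bos-login", new Object[0]) + e.getMessage()});
            try {
                ActionUtil.writeResponseJson(servletResponse, LoginUtils.getLoginResponse(String.valueOf(kdException.getErrorCode().getCode()), kdException.getMessage()));
            } catch (Exception writeFailure) {
                // Keep the failure to write the error body attached to the original exception.
                e.addSuppressed(writeFailure);
                throw e;
            }
        }
    }

    /**
     * Handles a link that names no formId: the user lands on the login page, unless an HR user
     * cookie already holds a session for exactly this account / login config / business user,
     * in which case the user is sent straight to the cached business form.
     */
    private void handleEntryLink(Request request, HttpServletResponse response, LoginConfigDTO loginConfigDTO, String accountId, String loginConfigNumber, String bizUserId) throws IOException {
        if (isLongUrlTimeoutEnable(request) && isLongUrlTimeout(request, response, loginConfigNumber, accountId)) {
            return;
        }
        String bizCustomParam = HrFilterUtil.xssEncode(request.getParameter("bizCustomParam"));
        String target = getLoginPageUrl(request, loginConfigDTO);
        Cookie hrUserCookie = HrFilterUtil.getHrUserCookie(request);
        if (hrUserCookie != null) {
            String sessionKey = hrUserCookie.getValue();
            HrUserSessionVO cached = HrUserCacheUtil.getCacheHrUserVO(sessionKey);
            if (isSessionFor(cached, accountId, loginConfigNumber, bizUserId)) {
                target = getBizFormPageUrl(request, accountId, loginConfigNumber, cached.getBizFormId(), bizUserId, bizCustomParam);
            } else {
                // Stale or foreign session: drop it so it cannot be reused for another link.
                HrFilterUtil.removeCookieAndSession(request, response, hrUserCookie.getName(), sessionKey);
            }
        }
        response.sendRedirect(target);
    }

    /**
     * Handles a request for the shared login page itself. A matching HR user cookie skips the
     * page and redirects to the business form; otherwise the request continues down the chain
     * (after discarding any non-matching session).
     */
    private void handleCommonLoginPage(Request request, HttpServletResponse response, FilterChain filterChain, String accountId, String loginConfigNumber, String bizUserId) throws IOException, ServletException {
        if (StringUtils.isEmpty(HrFilterUtil.xssEncode(request.getParameter("bizFormId")))) {
            writeErrorTip(response, ERROR_TIP_ILLEGALPARAM);
            return;
        }
        if (isLongUrlTimeoutEnable(request) && isLongUrlTimeout(request, response, loginConfigNumber, accountId)) {
            return;
        }
        Cookie hrUserCookie = HrFilterUtil.getHrUserCookie(request);
        if (hrUserCookie == null) {
            filterChain.doFilter(request, response);
            return;
        }
        String sessionKey = hrUserCookie.getValue();
        HrUserSessionVO cached = HrUserCacheUtil.getCacheHrUserVO(sessionKey);
        if (isSessionFor(cached, accountId, loginConfigNumber, bizUserId)) {
            response.sendRedirect(getBizFormPageUrl(request, accountId, loginConfigNumber, cached.getBizFormId(), bizUserId, HrFilterUtil.xssEncode(request.getParameter("bizCustomParam"))));
            return;
        }
        HrFilterUtil.removeCookieAndSession(request, response, hrUserCookie.getName(), sessionKey);
        filterChain.doFilter(request, response);
    }

    /**
     * Handles a request for a business form. The formId must be the one configured for this
     * login config, and an HR user cookie matching this exact link is required to continue;
     * anything else is sent (back) to the login page.
     */
    private void handleBizFormPage(Request request, HttpServletResponse response, FilterChain filterChain, LoginConfigDTO loginConfigDTO, String formId, String accountId, String loginConfigNumber, String bizUserId) throws IOException, ServletException {
        if (!formId.equals(loginConfigDTO.getRedirectFormId())) {
            writeErrorTip(response, ERROR_TIP_ILLEGALPARAM);
            return;
        }
        if (isLongUrlTimeoutEnable(request) && isLongUrlTimeout(request, response, loginConfigNumber, accountId)) {
            return;
        }
        Cookie hrUserCookie = HrFilterUtil.getHrUserCookie(request);
        if (hrUserCookie == null) {
            response.sendRedirect(getLoginPageUrl(request, loginConfigDTO));
            return;
        }
        String loginPageUrl = getLoginPageUrl(request, loginConfigDTO);
        String sessionKey = hrUserCookie.getValue();
        HrUserSessionVO cached = HrUserCacheUtil.getCacheHrUserVO(sessionKey);
        if (isSessionFor(cached, accountId, loginConfigNumber, bizUserId)) {
            filterChain.doFilter(request, response);
            return;
        }
        HrFilterUtil.removeCookieAndSession(request, response, hrUserCookie.getName(), sessionKey);
        response.sendRedirect(loginPageUrl);
    }

    /**
     * Returns whether a cached HR user session belongs to exactly this link.
     * A {@code null} session never matches; all three identifiers must agree so a session
     * obtained through one link cannot be replayed on another.
     */
    private static boolean isSessionFor(HrUserSessionVO cached, String accountId, String loginConfigNumber, String bizUserId) {
        return cached != null
                && cached.getAccountId().equals(accountId)
                && cached.getLoginConfigNumber().equals(loginConfigNumber)
                && cached.getBizUserId().equals(bizUserId);
    }

    /**
     * Writes a short plain-text tip and flushes it. The status code is deliberately left as the
     * container default, matching the previous behaviour of the filter.
     */
    private static void writeErrorTip(HttpServletResponse response, String tip) throws IOException {
        response.getWriter().write(tip);
        response.getWriter().flush();
    }

    /**
     * Checks the link against the safe-URL service and redirects to the "link expired" page
     * when it is unknown or past its expiry.
     *
     * @return {@code true} when a redirect was sent and processing must stop
     */
    private boolean isLongUrlTimeout(HttpServletRequest request, HttpServletResponse response, String loginConfigNumber, String accountId) throws IOException {
        String timeoutUrl = HrFilterUtil.getFormUrlByGuest(request, accountId, HrLoginConstants.URLEXPIRY_FORMID_MOBILE) + "&" + HrLoginConstants.SPECIALTAG_TIMEOUT;
        SafeUrlDTO safeUrlDTO = getSafeUrlDTO(request, response, loginConfigNumber, accountId);
        Date expiryTime = safeUrlDTO.getExpiryTime();
        // A link with no recorded expiry is treated exactly like an expired one.
        if (expiryTime == null || expiryTime.before(new Date())) {
            response.sendRedirect(timeoutUrl);
            return true;
        }
        return false;
    }

    /**
     * Builds the guest URL of a business form for an already-authenticated HR user.
     * Every request-derived value is CR/LF-filtered before it is placed in the redirect target,
     * mirroring {@link #getLoginPageUrl} (crlfFilter is assumed to leave clean values unchanged).
     * NOTE(review): relies on a RequestContext being present; getSafeUrlDTO re-creates one, but
     * when the long-URL timeout check is disabled it may still be {@code null} here — confirm.
     */
    private String getBizFormPageUrl(HttpServletRequest request, String accountId, String loginConfigNumber, String bizFormId, String bizUserId, String bizCustomParam) {
        StringBuilder query = new StringBuilder()
                .append("&loginConfigNumber=").append(HrFilterUtil.crlfFilter(loginConfigNumber))
                .append("&bizUserId=").append(HrFilterUtil.crlfFilter(bizUserId));
        if (StringUtils.isNotEmpty(bizCustomParam)) {
            query.append("&bizCustomParam=").append(HrFilterUtil.crlfFilter(bizCustomParam));
        }
        return HrFilterUtil.getFormUrlByGuest(request, accountId, bizFormId) + query + "&language=" + RequestContext.get().getLang().toString();
    }

    /** Requires {@code needReset=true}; writes the illegal-parameter tip otherwise. */
    private boolean isNeedResetValid(HttpServletRequest request, HttpServletResponse response) throws IOException {
        return hasExpectedParameter(request, response, "needReset", "true");
    }

    /** Requires {@code userId=Guest}; writes the illegal-parameter tip otherwise. */
    private boolean isUserIdValid(HttpServletRequest request, HttpServletResponse response) throws IOException {
        return hasExpectedParameter(request, response, "userId", GUEST_USER_ID);
    }

    /**
     * Returns {@code true} when the named parameter equals {@code expected}; a missing, empty or
     * different value writes {@link #ERROR_TIP_ILLEGALPARAM} and returns {@code false}.
     */
    private static boolean hasExpectedParameter(HttpServletRequest request, HttpServletResponse response, String name, String expected) throws IOException {
        String value = LoginUtils.getParamerter(request, name);
        if (expected.equals(value)) {
            return true;
        }
        writeErrorTip(response, ERROR_TIP_ILLEGALPARAM);
        return false;
    }

    /**
     * Looks up the safe-URL record for this link. A guest request context is created first when
     * none exists, because the service call needs one.
     */
    private SafeUrlDTO getSafeUrlDTO(HttpServletRequest request, HttpServletResponse response, String loginConfigNumber, String accountId) {
        if (RequestContext.get() == null) {
            createGuestRequestContext(request, response);
        }
        String mobileHtmlUrl = HrGuestUrlUtil.getMobileHtmlUrl(accountId, loginConfigNumber, HrFilterUtil.xssEncode(request.getParameter("bizUserId")), HrFilterUtil.xssEncode(request.getParameter("bizCustomParam")));
        return (SafeUrlDTO) DispatchServiceHelper.invokeBizService("hrmp", "hbss", "IHBSSSafeUrlService", "getLongUrlDetail", new Object[]{mobileHtmlUrl});
    }

    /** Reads the tenant-level switch for the expiry check; an unset property means enabled. */
    private boolean isLongUrlTimeoutEnable(HttpServletRequest request) {
        String enabled = SystemPropertyUtils.getProptyByTenant(LONG_URL_TIMEOUT_ENABLE_KEY, RevProxyUtil.getTenantCode(request));
        if (StringUtils.isEmpty(enabled)) {
            enabled = "true";
        }
        return Boolean.parseBoolean(enabled);
    }

    /**
     * Builds the guest URL of the shared login page, carrying the link parameters along.
     * The language comes from the login config unless the request names one explicitly.
     */
    private String getLoginPageUrl(HttpServletRequest request, LoginConfigDTO loginConfigDTO) {
        StringBuilder query = new StringBuilder()
                .append("&loginConfigNumber=").append(HrFilterUtil.xssEncode(HrFilterUtil.crlfFilter(request.getParameter("loginConfigNumber"))))
                .append("&bizFormId=").append(loginConfigDTO.getRedirectFormId())
                .append("&bizUserId=").append(HrFilterUtil.xssEncode(HrFilterUtil.crlfFilter(request.getParameter("bizUserId"))));
        String bizCustomParam = HrFilterUtil.xssEncode(request.getParameter("bizCustomParam"));
        if (StringUtils.isNotEmpty(bizCustomParam)) {
            query.append("&bizCustomParam=").append(HrFilterUtil.crlfFilter(bizCustomParam));
        }
        Account currentAccount = HrFilterUtil.getCurrentAccount(request);
        String langCode = loginConfigDTO.getLangCode();
        if (StringUtils.isNotEmpty(HrFilterUtil.xssEncode(request.getParameter("language")))) {
            langCode = LoginLangUtils.getLoginLanguage(request).toString();
        }
        return HrFilterUtil.getFormUrlByGuest(request, currentAccount.getAccountId(), COMMON_LOGIN_FORMID) + query + "&language=" + langCode;
    }

    /**
     * Installs a guest {@link RequestContext} for the current thread, creating a new mobile
     * session when the request carries no global session id.
     *
     * @param response may be {@code null} (see doFilter); it is handed to
     *                 {@link SessionUtils#createNewSession} as-is — presumably that call tolerates
     *                 a null response, confirm before relying on it elsewhere
     */
    private void createGuestRequestContext(HttpServletRequest request, HttpServletResponse response) {
        String globalSessionId = HrFilterUtil.getKDGlobalSessionId(request);
        if (StringUtils.isEmpty(globalSessionId)) {
            Account currentAccount = HrFilterUtil.getCurrentAccount(request);
            String newSessionId = SessionUtils.createNewSession(request, response, currentAccount, LoginLangUtils.getLoginLanguage(request), NetAddressUtils.getRemoteHost(request), LoginUtils.getClientUserInfo(RevProxyUtil.getTenantId(request)), LoginClientEnum.MOBILE, ThirdAPIAPPUtils.getTokenTimeout(currentAccount.getTenantId()));
            if (RequestContext.get() == null) {
                HrFilterUtil.createGuestRequestContext(request, newSessionId);
            }
        } else {
            HrFilterUtil.createGuestRequestContext(request, globalSessionId);
        }
        RequestContext.get().setTraceId(TraceIdUtil.createTraceIdString());
    }

    /** No configuration is read; nothing to initialise. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** No resources are held; nothing to release. */
    @Override
    public void destroy() {
    }
}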
