package kd.bos.ext.hr.web.filter;

import com.google.common.base.Splitter;
import java.io.IOException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Date;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kd.bos.actiondispatcher.ActionUtil;
import kd.bos.context.RequestContext;
import kd.bos.context.RequestContextCreator;
import kd.bos.dc.api.model.Account;
import kd.bos.dc.utils.AccountUtils;
import kd.bos.exception.KDException;
import kd.bos.exception.LoginErrorCode;
import kd.bos.ext.hr.web.constant.HrLoginConstants;
import kd.bos.ext.hr.web.dto.LoginConfigDTO;
import kd.bos.ext.hr.web.dto.SafeUrlDTO;
import kd.bos.ext.hr.web.util.HrFilterUtil;
import kd.bos.ext.hr.web.util.HrUserCacheUtil;
import kd.bos.ext.hr.web.util.SafeUriUtil;
import kd.bos.ext.hr.web.vo.HrUserSessionVO;
import kd.bos.instance.Instance;
import kd.bos.lang.Lang;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.login.lang.LoginLangUtils;
import kd.bos.login.utils.LoginUtils;
import kd.bos.login.utils.SessionUtils;
import kd.bos.servicehelper.DispatchServiceHelper;
import kd.bos.util.NetAddressUtils;
import kd.bos.util.RevProxyUtil;
import kd.bos.util.StringUtils;
import kd.bos.util.resource.Resources;

/* loaded from: input_file:kd/bos/ext/hr/web/filter/SafeUriFilter.class */
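public class SafeUriFilter implements Filter {
    private static final Log LOGGER = LogFactory.getLog(SafeUriFilter.class);

    /** Query-string keys carried by the origin (long) URL that a short HR link resolves to. */
    private static final String PARAM_LOGIN_CONFIG_NUMBER = "loginConfigNumber";
    private static final String PARAM_BIZ_USER_ID = "bizUserId";
    private static final String PARAM_BIZ_CUSTOM_PARAM = "bizCustomParam";

    /**
     * Resolves HR short links ({@code /hr...} requests carrying an {@code a} account parameter whose
     * URI passes {@link SafeUriUtil#isSafeUri}) to their origin URL and redirects the client according
     * to the link's expiry and the cached HR user session. Every other request is passed down the chain.
     * If resolution fails, the cause is logged and a generic login error is written to the client as JSON.
     *
     * @param servletRequest  incoming request; expected to be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; expected to be an {@link HttpServletResponse}
     * @param filterChain     the rest of the filter chain
     * @throws IOException      if writing the redirect or the error response fails
     * @throws ServletException propagated from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        String uri = HrFilterUtil.getURI(servletRequest);
        try {
            boolean hrLinkWithAccount = uri.startsWith("/hr") && StringUtils.isNotEmpty(httpRequest.getParameter("a"));
            if (!hrLinkWithAccount || !SafeUriUtil.isSafeUri(uri)) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            resolveSafeUri(httpRequest, httpResponse, uri);
        } catch (Exception e) {
            LOGGER.error("SafeUriFilterError:", e);
            // Only the generic localized text goes to the client; the exception detail stays in the
            // log above, so internal URLs, hosts or parameter contents are not echoed back.
            KDException kdException = new KDException(LoginErrorCode.loginBizException, new Object[]{Resources.getString("系统错误，请联系系统管理员！\n", "LoginFilter_3", "bos-login", new Object[0])});
            try {
                ActionUtil.writeResponseJson(servletResponse, LoginUtils.getLoginResponse(String.valueOf(kdException.getErrorCode().getCode()), kdException.getMessage()));
            } catch (Exception writeFailure) {
                // Keep the write failure attached to the original cause instead of dropping it.
                e.addSuppressed(writeFailure);
                throw e;
            }
        }
    }

    /**
     * Handles one accepted short link: creates a guest context, looks the link up, enforces its expiry
     * and then sends the client to the origin URL, the HR login page or the business form.
     *
     * @param request  the HTTP request
     * @param response the HTTP response; a redirect or a plain-text error is written to it
     * @param uri      the request URI already accepted by {@link SafeUriUtil#isSafeUri}
     * @throws IOException if the redirect or the error body cannot be written
     */
    private void resolveSafeUri(HttpServletRequest request, HttpServletResponse response, String uri) throws IOException {
        createGuestContext(request);
        String accountId = RequestContext.get().getAccountId();
        String shortUrl = uri + "?a=" + accountId;
        LOGGER.info("querySafeUrlService start,uri={}", shortUrl);
        SafeUrlDTO safeUrlDTO = (SafeUrlDTO) DispatchServiceHelper.invokeBizService("hrmp", "hbss", "IHBSSSafeUrlService", "shortToLong", new Object[]{shortUrl});
        LOGGER.info("querySafeUrlService end,safeUrlDTO={}", safeUrlDTO);
        String expiryPageUrl = HrFilterUtil.getFormUrlByGuest(request, accountId, HrFilterUtil.getClientUrlExpiryFormId(request));
        // An unknown link lands on the "link expired" form, as does an expired one.
        if (safeUrlDTO == null || StringUtils.isEmpty(safeUrlDTO.getOriginUrl())) {
            response.sendRedirect(expiryPageUrl);
            return;
        }
        // A missing expiry time is treated as expired rather than as never expiring.
        Date expiryTime = safeUrlDTO.getExpiryTime();
        if (expiryTime == null || !expiryTime.after(new Date())) {
            LOGGER.info("uri is expired,uri={}", shortUrl);
            response.sendRedirect(expiryPageUrl);
            return;
        }
        String originUrl = safeUrlDTO.getOriginUrl();
        // A mobile link is a full URL and its query string holds the parameters; any other link is
        // used as the query string itself.
        String query = originUrl.contains(HrLoginConstants.HTMLPATH_MOBILE) ? new URL(originUrl).getQuery() : originUrl;
        Map<String, String> queryParams = parseQuery(query);
        String loginConfigNumber = queryParams.get(PARAM_LOGIN_CONFIG_NUMBER);
        String bizUserId = queryParams.get(PARAM_BIZ_USER_ID);
        String bizCustomParam = queryParams.get(PARAM_BIZ_CUSTOM_PARAM);
        LOGGER.info("Got originUrl: [{}], urlQuery: [{}], queryParamMap: [{}].", new Object[]{originUrl, query, queryParams});
        if (StringUtils.isEmpty(loginConfigNumber)) {
            response.sendRedirect(originUrl);
            return;
        }
        LoginConfigDTO loginConfigDTO = (LoginConfigDTO) DispatchServiceHelper.invokeBizService("hrmp", "hbss", "IHBSSLoginService", "getHrLoginConfig", new Object[]{loginConfigNumber});
        if (loginConfigDTO == null) {
            // Declared as plain text so the echoed (URL-encoded) number is never interpreted as markup.
            response.setContentType("text/plain;charset=UTF-8");
            response.getWriter().write("loginConfig not found,number=" + URLEncoder.encode(loginConfigNumber, StandardCharsets.UTF_8.toString()));
            response.getWriter().flush();
            return;
        }
        String loginPageUrl = getLoginPageUrl(request, loginConfigDTO, queryParams);
        redirectBySession(request, response, accountId, loginConfigNumber, bizUserId, bizCustomParam, loginPageUrl);
    }

    /**
     * Splits a {@code k=v&k2=v2} query string into a map.
     *
     * @param query the query string; {@code null} or empty yields an empty map, and empty chunks
     *              (for example a trailing {@code &}) are skipped
     * @return the parsed key/value pairs
     * @throws IllegalArgumentException from the splitter if a chunk has no {@code =} or a key repeats
     */
    private static Map<String, String> parseQuery(String query) {
        if (StringUtils.isEmpty(query)) {
            return Collections.emptyMap();
        }
        return Splitter.onPattern("&").omitEmptyStrings().trimResults().withKeyValueSeparator("=").split(query);
    }

    /**
     * Sends the client to the business form when the HR user cookie maps to a cached session for the
     * same account, login configuration and business user; otherwise removes the cookie and session
     * and sends the client to the login page.
     *
     * @param request           the HTTP request
     * @param response          the HTTP response the redirect is written to
     * @param accountId         account id of the guest context
     * @param loginConfigNumber login configuration number taken from the origin URL
     * @param bizUserId         business user id taken from the origin URL, may be {@code null}
     * @param bizCustomParam    custom parameter taken from the origin URL, may be {@code null}
     * @param loginPageUrl      URL of the login page used when no matching session exists
     * @throws IOException if the redirect cannot be written
     */
    private void redirectBySession(HttpServletRequest request, HttpServletResponse response, String accountId,
            String loginConfigNumber, String bizUserId, String bizCustomParam, String loginPageUrl) throws IOException {
        Cookie hrUserCookie = HrFilterUtil.getHrUserCookie(request);
        if (hrUserCookie == null) {
            response.sendRedirect(loginPageUrl);
            return;
        }
        String cookieValue = hrUserCookie.getValue();
        HrUserSessionVO cachedUser = HrUserCacheUtil.getCacheHrUserVO(cookieValue);
        if (cachedUser != null && sessionMatches(cachedUser, accountId, loginConfigNumber, bizUserId)) {
            response.sendRedirect(getBizFormPageUrl(request, accountId, loginConfigNumber, cachedUser.getBizFormId(), bizUserId, bizCustomParam));
            return;
        }
        // Unknown or mismatching session: clear it before sending the client to log in again.
        HrFilterUtil.removeCookieAndSession(request, response, hrUserCookie.getName(), cookieValue);
        response.sendRedirect(loginPageUrl);
    }

    /**
     * Returns {@code true} only when every identifying field of the cached session is present and
     * equals the value expected for this link; a {@code null} on either side counts as a mismatch.
     */
    private static boolean sessionMatches(HrUserSessionVO cachedUser, String accountId, String loginConfigNumber, String bizUserId) {
        return cachedUser.getAccountId() != null && cachedUser.getAccountId().equals(accountId)
                && cachedUser.getLoginConfigNumber() != null && cachedUser.getLoginConfigNumber().equals(loginConfigNumber)
                && cachedUser.getBizUserId() != null && cachedUser.getBizUserId().equals(bizUserId);
    }

    /**
     * Builds the guest URL of the common HR login form, carrying the login configuration number, the
     * redirect form id, the business user id and (when present) the custom parameter of the link.
     * A {@code language} request parameter, when given, overrides the configuration's language code.
     *
     * @param request        the HTTP request
     * @param loginConfigDTO the login configuration resolved for the link
     * @param queryParams    parameters parsed from the origin URL
     * @return the login page URL
     */
    private String getLoginPageUrl(HttpServletRequest request, LoginConfigDTO loginConfigDTO, Map<String, String> queryParams) {
        String loginFormId = HrFilterUtil.getClientCommonLoginFormId(request);
        // NOTE(review): a missing bizUserId is appended as the literal "null", and only bizCustomParam
        // passes crlfFilter — confirm both are intended by the login form.
        StringBuilder extraParams = new StringBuilder()
                .append("&loginConfigNumber=").append(loginConfigDTO.getLoginConfigNumber())
                .append("&bizFormId=").append(loginConfigDTO.getRedirectFormId())
                .append("&bizUserId=").append(queryParams.get(PARAM_BIZ_USER_ID));
        String bizCustomParam = queryParams.get(PARAM_BIZ_CUSTOM_PARAM);
        if (StringUtils.isNotEmpty(bizCustomParam)) {
            extraParams.append("&bizCustomParam=").append(HrFilterUtil.crlfFilter(bizCustomParam));
        }
        Account currentAccount = HrFilterUtil.getCurrentAccount(request);
        String langCode = loginConfigDTO.getLangCode();
        if (StringUtils.isNotEmpty(HrFilterUtil.xssEncode(request.getParameter("language")))) {
            langCode = LoginLangUtils.getLoginLanguage(request).toString();
        }
        return HrFilterUtil.getFormUrlByGuest(request, currentAccount.getAccountId(), loginFormId) + extraParams + "&language=" + langCode;
    }

    /**
     * Builds the guest URL of the business form for an already-authenticated HR user, carrying the
     * login configuration number, the business user id, the optional custom parameter and the
     * language of the current request context.
     *
     * @param request           the HTTP request
     * @param accountId         account id of the guest context
     * @param loginConfigNumber login configuration number of the link
     * @param bizFormId         form id stored in the cached HR user session
     * @param bizUserId         business user id of the link
     * @param bizCustomParam    custom parameter of the link, may be {@code null}
     * @return the business form URL
     */
    private String getBizFormPageUrl(HttpServletRequest request, String accountId, String loginConfigNumber, String bizFormId, String bizUserId, String bizCustomParam) {
        StringBuilder extraParams = new StringBuilder()
                .append("&loginConfigNumber=").append(loginConfigNumber)
                .append("&bizUserId=").append(bizUserId);
        if (StringUtils.isNotEmpty(bizCustomParam)) {
            extraParams.append("&bizCustomParam=").append(HrFilterUtil.crlfFilter(bizCustomParam));
        }
        return HrFilterUtil.getFormUrlByGuest(request, accountId, bizFormId) + extraParams + "&language=" + RequestContext.get().getLang().toString();
    }

    /**
     * Creates a guest request context for the account named by the {@code a} parameter (resolved
     * against the tenant of the request) and the language named by the {@code l} parameter.
     *
     * @param request the HTTP request
     */
    private void createGuestContext(HttpServletRequest request) {
        Account account = AccountUtils.getCorrectAccount(LoginUtils.getParamerter(request, "a"), RevProxyUtil.getTenantId(request));
        Lang lang = LoginLangUtils.getLang(LoginUtils.getParamerter(request, "l"));
        String guestSessionId = LoginUtils.getGuestSessionId(account.getAccountId(), account.getTenantId(), lang, NetAddressUtils.getRemoteHost(request));
        RequestContextCreator.create(request, guestSessionId, SessionUtils.getGuestSessionData(Instance.getClusterName(), account.getTenantId(), account.getAccountId(), lang));
    }

    /** No initialization is needed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}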
