package kd.bos.ext.hr.web.filter;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kd.bos.actiondispatcher.ActionUtil;
import kd.bos.context.RequestContext;
import kd.bos.encrypt.Encrypters;
import kd.bos.exception.KDException;
import kd.bos.exception.LoginErrorCode;
import kd.bos.ext.hr.calendar.constants.WorkingCalendarConstants;
import kd.bos.ext.hr.es.api.common.EsConstants;
import kd.bos.ext.hr.es.me.constants.QueryKSqlConstants;
import kd.bos.ext.hr.es.me.constants.StoreReginConstants;
import kd.bos.ext.hr.web.constant.HrLoginConstants;
import kd.bos.ext.hr.web.dto.LoginConfigDTO;
import kd.bos.ext.hr.web.dto.LoginOpDTO;
import kd.bos.ext.hr.web.util.HrFilterUtil;
import kd.bos.ext.hr.web.util.HrUserCacheUtil;
import kd.bos.ext.hr.web.vo.HrUserSessionVO;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.login.lang.LoginLangUtils;
import kd.bos.login.utils.LoginUtils;
import kd.bos.servicehelper.DispatchServiceHelper;
import kd.bos.session.SessionManager;
import kd.bos.session.SystemPropertyUtils;
import kd.bos.thread.ThreadLifeCycleManager;
import kd.bos.util.RevProxyUtil;
import kd.bos.util.StringUtils;
import kd.bos.util.resource.Resources;
import org.apache.poi.ss.usermodel.DateUtil;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.util.MultiMap;

/* loaded from: input_file:kd/bos/ext/hr/web/filter/HrLoginFilter.class */
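/**
 * Servlet filter that manages the HR "guest" login session on top of the platform session.
 *
 * <p>Responsibilities, in the order {@link #doFilter} checks them:
 * <ol>
 *   <li>{@code /auth/login.do} inside the multi-entity ES region: consume the one-shot {@code auth_&lt;randomTag&gt;}
 *       cache entry, ask the HBSS login service whether the user may log in, issue the HR session cookie and redirect.</li>
 *   <li>{@code /form/batchInvokeAction.do} with the mobile-to-index cookie: answer with an {@code openUrl} client action.</li>
 *   <li>{@code /form/getConfig.do} referred from a timed-out page: swap the requested form for the URL-expiry form and drop
 *       the HR session cookie.</li>
 *   <li>Requests carrying an HR session cookie: validate it against the cache, refresh its timeout, or run the
 *       session-timeout handler.</li>
 *   <li>Requests referred from a login-config page without a session: route {@code getConfig.do} to the common login form.</li>
 * </ol>
 *
 * <p>A background {@link Timer} periodically destroys timed-out HR sessions; it is cancelled in {@link #destroy()}.
 * Several routing decisions are driven by the {@code Referer} header, which is client-controlled; it is XSS-encoded
 * before use but not otherwise authenticated.
 */
public class HrLoginFilter implements Filter {
    private static final Log LOGGER = LogFactory.getLog(HrLoginFilter.class);
    private static final Charset UTF_8 = StandardCharsets.UTF_8;
    /** Prefix of the HR session cookie; the tenant code is appended (see {@link #getHrUserSessionCookieName}). */
    private static final String HR_USER_COOKIE = "KHRSESSIONID";
    private static final String HR_COMMONLOGIN_FORMID = "hbss_commonlogin";
    /** Seconds in a minute: the cache-refresh throttle used by {@link #isWithinMinute}. */
    private static final int MIN_2_SECOND = 60;
    /** HR session lifetime in seconds when {@code kd.hr.session.timeout} is not set for the tenant. */
    private static final String DEFAULT_HR_SESSION_TIMEOUT_SECONDS = "1800";
    /** Cache-key prefix of the one-shot guest-login auth entry. */
    private static final String AUTH_CACHE_KEY_PREFIX = "auth_";
    /** Sweep interval of the session-timeout listener (milliseconds). */
    private static final long SESSION_SWEEP_PERIOD_MILLIS = 60000L;
    // NOTE(review): this is U+FF06 FULLWIDTH AMPERSAND, not ASCII "&". Every URL this class builds joins
    // parameters with ASCII "&", so confirm which separator the referring pages actually use (this may be a
    // mis-encoding). Kept as-is to preserve behaviour.
    private static final String REFERER_QUERY_SEPARATOR = "＆";

    /** Runs the session-timeout sweep; named so the thread is recognisable in dumps, cancelled in {@link #destroy()}. */
    private final Timer sessionTimeoutTimer = new Timer("HrLoginFilter-sessionTimeout");

    public HrLoginFilter() {
        initSessionTimeoutListener();
    }

    /**
     * Routes the request through the HR login flows described on the class; any failure is logged and reported
     * to the client as a platform login error response.
     *
     * @throws IOException      when the response cannot be written
     * @throws ServletException propagated from the filter chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Jetty's Request is required to rewrite the query string in place (resetParameters/setQueryParameters).
        Request request = (Request) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String uri = HrFilterUtil.getURI(servletRequest);
        try {
            // 1. Guest login callback.
            if (uri.contains(StoreReginConstants.MULTI_ENTITY_ES_REGION) && uri.contains("/auth/login.do")) {
                handleGuestLoginRequest(request, httpServletResponse);
                return;
            }

            // 2. Mobile-to-index redirect carried by a one-shot cookie.
            Cookie mobileToIndexCookie = HrFilterUtil.getCookieByName(request, HrLoginConstants.SPECIALTAG_MOBILETOINDEX);
            if (uri.equals("/form/batchInvokeAction.do") && mobileToIndexCookie != null) {
                String targetUrl = mobileToIndexCookie.getValue();
                HrFilterUtil.removeClientCookie(request, httpServletResponse, HrLoginConstants.SPECIALTAG_MOBILETOINDEX);
                writeOpenUrlAction(httpServletResponse, HrFilterUtil.xssEncode(targetUrl));
                return;
            }

            // 3. getConfig.do referred from a timed-out page: swap in the URL-expiry form and drop the HR cookie.
            //    The referer is only parsed for getConfig.do here; other URIs must not fail on a malformed referer yet.
            boolean isGetConfig = uri.equals("/form/getConfig.do");
            Map<String, String> timeoutRefererParams = isGetConfig ? getRefererQueryParamMap(request) : null;
            if (isGetConfig && timeoutRefererParams != null && timeoutRefererParams.containsKey(HrLoginConstants.OPNAME_TIMEOUT)) {
                JSONObject params = readParamsParameter(request);
                params.put(HrLoginConstants.FORMID_KEY_WEB, HrFilterUtil.getClientUrlExpiryFormId(request));
                rewriteParamsQueryParameter(request, params);
                HrFilterUtil.removeClientCookie(request, httpServletResponse, getHrUserSessionCookieName(RevProxyUtil.getTenantCode(request)));
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }

            // 4. Existing HR session cookie: validate against the cache.
            Cookie hrUserCookie = HrFilterUtil.getHrUserCookie(request);
            if (hrUserCookie != null) {
                String hrSessionId = hrUserCookie.getValue();
                HrUserSessionVO cachedSession = HrUserCacheUtil.getCacheHrUserVO(hrSessionId);
                if (cachedSession == null) {
                    String timeoutUrl = HrFilterUtil.handleSessionTimeout(request, httpServletResponse, filterChain, hrUserCookie);
                    if (StringUtils.isNotEmpty(timeoutUrl)) {
                        writeOpenUrlAction(httpServletResponse, timeoutUrl);
                    }
                } else {
                    updateSessionTimeout(request, hrSessionId, cachedSession);
                    filterChain.doFilter(servletRequest, servletResponse);
                }
                return;
            }

            // 5. No HR session: only requests referred from a login-config page are special-cased.
            Map<String, String> loginRefererParams = getRefererQueryParamMap(request);
            if (loginRefererParams == null || !loginRefererParams.containsKey("loginConfigNumber")) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            String refererPath = new URL(HrFilterUtil.xssEncode(request.getHeader("Referer"))).getPath();
            String formKey = HrFilterUtil.getRequestFormKey(request, refererPath);
            String commonLoginFormId = HrFilterUtil.getRequestCommonLoginFormId(request, refererPath);
            boolean hasFormKey = loginRefererParams.containsKey(formKey);
            boolean referredFromCommonLogin = hasFormKey && loginRefererParams.get(formKey).equals(commonLoginFormId);
            if (!isGetConfig || !referredFromCommonLogin) {
                if (!hasFormKey || referredFromCommonLogin) {
                    filterChain.doFilter(servletRequest, servletResponse);
                } else {
                    // Referred from a business form without an HR session: send the client to the timeout handler.
                    writeOpenUrlAction(httpServletResponse, HrFilterUtil.handleSessionTimeout(request, httpServletResponse, filterChain, null));
                }
                return;
            }

            // 6. getConfig.do from the common login page: remember the real form as bizFormId, then load the common login form.
            JSONObject params = readParamsParameter(request);
            String requestedFormId = params.getString(HrLoginConstants.FORMID_KEY_WEB);
            if (!params.containsKey("bizFormId")) {
                params.put("bizFormId", requestedFormId);
            }
            params.put(HrLoginConstants.FORMID_KEY_WEB, HrFilterUtil.getClientCommonLoginFormId(request));
            rewriteParamsQueryParameter(request, params);
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (Exception e) {
            LOGGER.error("HrLoginFilterError:", e);
            KDException kdException = new KDException(LoginErrorCode.loginBizException, new Object[]{Resources.getString("系统错误，请联系系统管理员！\n", "LoginFilter_3", "bos-login", new Object[0]) + e.getMessage()});
            try {
                ActionUtil.writeResponseJson(servletResponse, LoginUtils.getLoginResponse(String.valueOf(kdException.getErrorCode().getCode()), kdException.getMessage()));
            } catch (Exception writeFailure) {
                // The error response itself could not be written; surface the original failure to the container.
                throw e;
            }
        }
    }

    /**
     * Handles the guest-login callback: refuses requests without a platform session, otherwise creates the guest
     * request context and runs {@link #handleHrUserLogin}. Failures are logged and leave the response empty.
     */
    private void handleGuestLoginRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String kdGlobalSessionId = HrFilterUtil.getKDGlobalSessionId(request);
        String bizUserId = HrFilterUtil.xssEncode(request.getParameter("bizUserId"));
        // NOTE(review): kdGlobalSessionId looks like a session identifier; if it is, logging it at INFO exposes a
        // credential to anyone with log access — confirm and mask it.
        LOGGER.info("kdGlobalSessionId:{},bizUserId:{}", kdGlobalSessionId, bizUserId);
        if (kdGlobalSessionId == null) {
            response.getWriter().write("invalidSession,refuse request");
            response.getWriter().flush();
            return;
        }
        try {
            HrFilterUtil.createGuestRequestContext(request, kdGlobalSessionId);
            LOGGER.info("hrGusetUser create requestContext success,bizUserId={}", bizUserId);
            handleHrUserLogin(request, response);
        } catch (Exception e) {
            LOGGER.error("HrGuestLoginError:", e);
        }
    }

    /** Writes the {@code openUrl} client action for {@code url}; callers pass XSS-encoded or server-built URLs. */
    private static void writeOpenUrlAction(HttpServletResponse response, String url) throws IOException {
        response.getWriter().write("[{\"p\":[{\"openStyle\":\"0\",\"url\":\"" + url + "\"}],\"a\":\"openUrl\"}]");
        response.getWriter().flush();
    }

    /** Forces Jetty's parameter extraction, then parses the JSON {@code params} request parameter. */
    private JSONObject readParamsParameter(Request request) {
        request.getParameterMap(); // makes Jetty extract the parameters before they are reset by the rewrite
        return JSON.parseObject(HrFilterUtil.crlfFilter(request.getParameter(WorkingCalendarConstants.PARAMS)));
    }

    /** Replaces the {@code params} query parameter of the Jetty request with the serialised {@code params} object. */
    private void rewriteParamsQueryParameter(Request request, JSONObject params) {
        MultiMap<String> queryParameters = request.getQueryParameters();
        String serialised = JSON.toJSONString(params);
        request.resetParameters();
        queryParameters.remove(WorkingCalendarConstants.PARAMS);
        queryParameters.put(WorkingCalendarConstants.PARAMS, serialised);
        request.setQueryParameters(queryParameters);
    }

    /**
     * Parses the query string of the {@code Referer} header.
     *
     * @return the key/value map, or {@code null} when there is no referer or its query cannot be parsed
     * @throws MalformedURLException when the referer is not a valid URL
     */
    private Map<String, String> getRefererQueryParamMap(HttpServletRequest httpServletRequest) throws MalformedURLException {
        String referer = HrFilterUtil.xssEncode(httpServletRequest.getHeader("Referer"));
        if (StringUtils.isEmpty(referer)) {
            return null;
        }
        return parseRefererQuery(new URL(referer).getQuery());
    }

    /**
     * Splits a referer query into a map using {@link #REFERER_QUERY_SEPARATOR} and {@code =}.
     *
     * @return the map, or {@code null} when the query is empty, lacks either separator, or fails to split
     */
    private Map<String, String> parseRefererQuery(String query) {
        if (StringUtils.isEmpty(query) || !query.contains(REFERER_QUERY_SEPARATOR) || !query.contains("=")) {
            return null;
        }
        try {
            return split(REFERER_QUERY_SEPARATOR, "=", query);
        } catch (Exception e) {
            LOGGER.error("resolveReferQueryError:", e);
            return null;
        }
    }

    /** Refreshes the cached session's timeout, at most once per {@link #MIN_2_SECOND} seconds. */
    private void updateSessionTimeout(HttpServletRequest httpServletRequest, String hrSessionId, HrUserSessionVO hrUserSessionVO) throws IOException {
        if (isWithinMinute(hrUserSessionVO.getLastUpdateTime())) {
            return;
        }
        hrUserSessionVO.setTimeout(getHrSessionTimeout(httpServletRequest));
        hrUserSessionVO.setLastUpdateTime(System.currentTimeMillis());
        HrUserCacheUtil.hset(hrSessionId, JSON.toJSONString(hrUserSessionVO));
    }

    /**
     * Completes a guest login: consumes the one-shot {@code auth_<randomTag>} cache entry, asks the HBSS login
     * service whether the login is allowed, and on success stores the HR session, writes its cookie, records the
     * login operation and redirects to the target form.
     */
    private void handleHrUserLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String bizUserId = HrFilterUtil.xssEncode(HrFilterUtil.crlfFilter(httpServletRequest.getParameter("bizUserId")));
        String randomTag = HrFilterUtil.xssEncode(httpServletRequest.getParameter("randomTag"));
        String authCacheKey = AUTH_CACHE_KEY_PREFIX + randomTag;
        String encryptedAuth = HrUserCacheUtil.hget(authCacheKey);
        // Delete the entry before validating it so a replayed randomTag cannot be used twice.
        try {
            HrUserCacheUtil.hdel(authCacheKey);
        } catch (Exception e) {
            LOGGER.error("removeHrAuthCacheError,key={}", authCacheKey);
        }
        if (StringUtils.isEmpty(encryptedAuth)) {
            // Unknown or already-consumed tag: nothing to log in with (previously surfaced as an NPE).
            LOGGER.error("hrAuthCacheMiss,key={}", authCacheKey);
            return;
        }
        String[] authParts = Encrypters.decode(encryptedAuth).split(QueryKSqlConstants.TABLE_SEPARATOR);
        if (authParts.length < 3) {
            LOGGER.error("hrAuthCacheMalformed,key={},parts={}", authCacheKey, authParts.length);
            return;
        }
        // NOTE(review): only part 0 has a visible meaning here (stored as the session phone); parts 1 and 2 are
        // checked for presence only — confirm their semantics against the writer of the auth_ entry.
        String phone = authParts[0];
        String loginPhone = authParts[1];
        String authCredential = authParts[2];
        // NOTE(review): this logs a phone number (PII) at INFO — consider masking it.
        LOGGER.info("phone={} is logining", loginPhone);
        if (StringUtils.isEmpty(loginPhone) || StringUtils.isEmpty(authCredential)) {
            return;
        }
        boolean isHrLogin = ((Boolean) DispatchServiceHelper.invokeBizService("hrmp", "hbss", "IHBSSLoginService", "isHrLogin", new Object[]{encryptedAuth})).booleanValue();
        LOGGER.info("userId={},isLogin:{}", bizUserId, isHrLogin);
        if (!isHrLogin) {
            return;
        }
        String accountId = RequestContext.get().getAccountId();
        String hrSessionId = getHrSessionId(accountId);
        String tenantCode = RevProxyUtil.getTenantCode(httpServletRequest);
        SessionManager.writeCookieData(httpServletRequest, httpServletResponse, getHrUserSessionCookieName(tenantCode), hrSessionId);
        String bizFormId = HrFilterUtil.xssEncode(HrFilterUtil.crlfFilter(httpServletRequest.getParameter(HrLoginConstants.FORMID_KEY_MOBILE)));
        String loginConfigNumber = HrFilterUtil.xssEncode(HrFilterUtil.crlfFilter(httpServletRequest.getParameter("loginConfigNumber")));
        StringBuilder extraParams = new StringBuilder("&loginConfigNumber=").append(loginConfigNumber).append("&bizUserId=").append(bizUserId);
        String bizCustomParam = httpServletRequest.getParameter("bizCustomParam");
        if (StringUtils.isNotEmpty(bizCustomParam)) {
            extraParams.append("&bizCustomParam=").append(HrFilterUtil.crlfFilter(bizCustomParam));
        }
        String clientType = HrFilterUtil.getClientType(httpServletRequest);

        // Store the session before redirecting: the client may follow the redirect before a later cache write lands,
        // and a failure here must produce a clean error response rather than hit an already-committed redirect.
        HrUserSessionVO session = new HrUserSessionVO();
        session.setBizUserId(bizUserId);
        session.setPhone(phone);
        session.setLoginPageUriParam(getLoginPageUriParam(httpServletRequest));
        session.setLoginClientType(clientType);
        session.setTenantId(tenantCode);
        session.setAccountId(accountId);
        session.setLoginConfigNumber(loginConfigNumber);
        session.setBizFormId(bizFormId);
        session.setClientIP(HrFilterUtil.getClientIP(httpServletRequest));
        session.setTimeout(getHrSessionTimeout(httpServletRequest));
        session.setLastUpdateTime(System.currentTimeMillis());
        HrUserCacheUtil.hset(hrSessionId, JSON.toJSONString(session));
        DispatchServiceHelper.invokeBizService("hrmp", "hbss", "IHBSSLoginService", "insertLoginOpLog", new Object[]{new LoginOpDTO(bizUserId, HrLoginConstants.OPNAME_LOGIN, clientType)});

        httpServletResponse.sendRedirect(HrFilterUtil.getFormUrlByGuest(httpServletRequest, accountId, bizFormId) + extraParams + "&language=" + RequestContext.get().getLang().toString());
    }

    /**
     * Builds the URI (path and query) of the login page the guest session should return to, from the referer and
     * the tenant's login configuration.
     *
     * @throws MalformedURLException when the referer is not a valid URL
     * @throws KDException          when the referer query cannot be parsed
     */
    private String getLoginPageUriParam(HttpServletRequest httpServletRequest) throws MalformedURLException {
        URL refererUrl = new URL(HrFilterUtil.xssEncode(httpServletRequest.getHeader("Referer")));
        String path = refererUrl.getPath();
        Map<String, String> refererParams = parseRefererQuery(refererUrl.getQuery());
        if (null == refererParams) {
            LOGGER.error("HrLoginFilter: QueryMap is null.");
            throw new KDException("HrLoginFilter: QueryMap is null.");
        }
        String loginConfigNumber = refererParams.get("loginConfigNumber");
        LoginConfigDTO loginConfig = (LoginConfigDTO) DispatchServiceHelper.invokeBizService("hrmp", "hbss", "IHBSSLoginService", "getHrLoginConfig", new Object[]{loginConfigNumber});
        String accountId = refererParams.get(EsConstants.ACCOUNT_ID);
        String formKey = HrFilterUtil.getRequestFormKey(httpServletRequest, path);
        String commonLoginFormId = HrFilterUtil.getRequestCommonLoginFormId(httpServletRequest, path);
        StringBuilder bizParams = new StringBuilder("&loginConfigNumber=").append(loginConfigNumber)
                .append("&bizFormId=").append(loginConfig.getRedirectFormId())
                .append("&bizUserId=").append(refererParams.get("bizUserId"));
        String bizCustomParam = refererParams.get("bizCustomParam");
        if (StringUtils.isNotEmpty(bizCustomParam)) {
            bizParams.append("&bizCustomParam=").append(HrFilterUtil.crlfFilter(bizCustomParam));
        }
        // An explicit "language" request parameter overrides the configured language.
        String langCode = loginConfig.getLangCode();
        if (StringUtils.isNotEmpty(HrFilterUtil.xssEncode(httpServletRequest.getParameter("language")))) {
            langCode = LoginLangUtils.getLoginLanguage(httpServletRequest).toString();
        }
        return HrFilterUtil.getRequestHtmlPath(httpServletRequest, path) + "?" + getFormUriParamByGuest(accountId, formKey, commonLoginFormId) + bizParams + "&language=" + langCode;
    }

    /**
     * Splits {@code text} into key/value pairs; the first occurrence of a key wins and a missing value becomes "".
     * Both separators are used as regular expressions, as by {@link String#split(String)}.
     */
    private Map<String, String> split(String pairSeparator, String keyValueSeparator, String text) {
        Map<String, String> result = new HashMap<>();
        for (String pair : text.split(pairSeparator)) {
            String[] keyValue = pair.split(keyValueSeparator);
            if (keyValue.length == 0) {
                continue; // a bare separator such as "=" splits to an empty array
            }
            result.putIfAbsent(keyValue[0].trim(), keyValue.length > 1 ? keyValue[1].trim() : "");
        }
        return result;
    }

    /** Builds the guest-user query parameters: fixed guest identity, account id and the form key/value pair. */
    private String getFormUriParamByGuest(String accountId, String formKey, String formId) {
        return new StringBuilder()
                .append("userId=Guest&needReset=true")
                .append("&accountId=").append(accountId)
                .append("&").append(formKey).append("=").append(formId)
                .toString();
    }

    /** True when fewer than {@link #MIN_2_SECOND} whole seconds have elapsed since {@code lastUpdateMillis}. */
    private boolean isWithinMinute(long lastUpdateMillis) {
        return MIN_2_SECOND - ((int) ((System.currentTimeMillis() - lastUpdateMillis) / 1000)) > 0;
    }

    /**
     * Returns the absolute expiry time (epoch millis) of an HR session started now, from the tenant property
     * {@code kd.hr.session.timeout} (seconds) or the default. A non-numeric property value throws
     * {@link NumberFormatException}, which the caller reports as a login error.
     */
    private long getHrSessionTimeout(HttpServletRequest httpServletRequest) {
        String timeoutSeconds = SystemPropertyUtils.getProptyByTenant("kd.hr.session.timeout", RevProxyUtil.getTenantCode(httpServletRequest));
        if (StringUtils.isEmpty(timeoutSeconds)) {
            timeoutSeconds = DEFAULT_HR_SESSION_TIMEOUT_SECONDS;
        }
        return System.currentTimeMillis() + (Long.parseLong(timeoutSeconds) * 1000);
    }

    /** HR session cookie name for a tenant: the fixed prefix followed by the tenant code. */
    private String getHrUserSessionCookieName(String tenantCode) {
        return HR_USER_COOKIE + tenantCode;
    }

    /**
     * Creates a new HR session id: the account id, the table separator, then a 100-character random word.
     * NOTE(review): this value is the bearer credential stored in the cookie; confirm that
     * {@code StringUtils.randomWord} draws from a cryptographically strong source.
     */
    private String getHrSessionId(String accountId) {
        return accountId + QueryKSqlConstants.TABLE_SEPARATOR + StringUtils.randomWord(100);
    }

    /**
     * Schedules the session-timeout sweep once a minute, starting after a random 0-29 s delay (presumably so
     * several instances do not sweep in lock-step). The task catches runtime failures: an exception escaping
     * a {@link TimerTask} would terminate the timer thread and silently stop all future sweeps.
     */
    private void initSessionTimeoutListener() {
        int initialDelaySeconds = 0;
        try {
            initialDelaySeconds = SecureRandom.getInstance("SHA1PRNG").nextInt(30);
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("initSessionTimeoutListener: SHA1PRNG unavailable, starting sweep without delay", e);
        }
        final HrSessionTimeoutListener hrSessionTimeoutListener = new HrSessionTimeoutListener();
        sessionTimeoutTimer.schedule(new TimerTask() {
            @Override
            public void run() {
                ThreadLifeCycleManager.start();
                try {
                    hrSessionTimeoutListener.destoryTimeoutSession();
                } catch (RuntimeException e) {
                    LOGGER.error("HrSessionTimeoutListener error:", e);
                } finally {
                    ThreadLifeCycleManager.end();
                }
            }
        }, 1000L * initialDelaySeconds, SESSION_SWEEP_PERIOD_MILLIS);
    }

    /**
     * Reflectively replaces the static {@code lastCachedResult} field of POI's {@code DateUtil} (loaded through the
     * context class loader, i.e. the web application's copy) with a {@code ThreadLocal<Boolean>} initialised to
     * {@code FALSE}. This reaches into POI internals — the field name and type may differ between POI versions —
     * so any failure is logged and otherwise ignored.
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        try {
            Field lastCachedResult = Thread.currentThread().getContextClassLoader().loadClass(DateUtil.class.getName()).getDeclaredField("lastCachedResult");
            if (!lastCachedResult.isAccessible()) {
                lastCachedResult.setAccessible(true);
            }
            lastCachedResult.set(null, ThreadLocal.withInitial(() -> Boolean.FALSE));
        } catch (Exception e) {
            LOGGER.error("reflectUpdate lastCachedResult error", e);
        }
    }

    /** Stops the sweep timer; otherwise each filter instance leaks a non-daemon timer thread across redeploys. */
    @Override
    public void destroy() {
        sessionTimeoutTimer.cancel();
    }
}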
