package com.butor.sso.web.servlet;

import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Enumeration;
import java.util.Locale;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.butor.auth.common.firm.Firm;
import org.butor.auth.common.user.User;
import org.butor.json.JsonHelper;
import org.butor.sso.SSOHelper;
import org.butor.sso.SSOInfo;
import org.butor.sso.SSOManager;
import org.butor.sso.TicketInfo;
import org.butor.sso.UserInfoProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:com/butor/sso/web/servlet/SSOServlet.class */
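/**
 * Front servlet of the SSO server. Dispatches on the request path below the
 * context root:
 * <pre>
 *   /signout     -> destroySSO   (drops the SSO session; optional redirect to ?service=)
 *   /checksso    -> checkSSO     (is ?sso_id= a live SSO session? returns it as JSON)
 *   /checkticket -> checkTicket  (validates ?ticket=, returns the ticket info as JSON)
 *   /getticket   -> genTicket    (mints a ticket for the caller's sso_id cookie)
 *   /reset       -> resetPwd     (password-reset landing page: ?id= and ?t=)
 * </pre>
 * Any other path answers 503.
 *
 * <p>Collaborators are resolved from the Spring root WebApplicationContext in
 * {@link #init(ServletConfig)}. Several inputs handled here are bearer
 * credentials (sso_id, ticket, the reset token {@code t}); they are never
 * written to the log.
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>The {@code service} parameter of /signout is used as a redirect
 *       target. Override {@link #isAllowedServiceUrl(String)} with an
 *       allow-list of your applications; the default accepts any value that
 *       survived {@link #validateStr(String)}, which is an open redirect.</li>
 *   <li>/reset forwards the reset token to the sign-in page in the query
 *       string, where it lands in browser history and Referer headers; that
 *       is the sign-in page's contract and is left unchanged here.</li>
 * </ul>
 */
public class SSOServlet extends HttpServlet {
    private static final long serialVersionUID = 7691215238073544628L;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    protected SSOManager ssoManager = null;
    private final JsonHelper jsh = new JsonHelper();
    protected UserInfoProvider userInfoProvider = null;
    protected String ssoSigninUrl = null;

    /**
     * Byte sink that discards everything written to it and only keeps a
     * running count in {@link #count}. Not referenced from within this class.
     */
    static final class ByteCountingOutputStream extends OutputStream {
        long count;

        ByteCountingOutputStream() {
        }

        @Override
        public void write(byte[] buffer, int offset, int length) throws IOException {
            // Honour the OutputStream contract even though the bytes are dropped.
            if (buffer == null) {
                throw new NullPointerException("buffer");
            }
            if (offset < 0 || length < 0 || length > buffer.length - offset) {
                throw new IndexOutOfBoundsException("offset=" + offset + ", length=" + length + ", capacity=" + buffer.length);
            }
            this.count += length;
        }

        @Override
        public void write(int b) throws IOException {
            this.count++;
        }
    }

    /**
     * Wires the collaborators from the Spring root context. Fails fast with a
     * descriptive IllegalStateException when no root context is registered,
     * instead of a bare NullPointerException on the first lookup.
     */
    @Override
    public void init(ServletConfig servletConfig) {
        WebApplicationContext context =
                WebApplicationContextUtils.getRequiredWebApplicationContext(servletConfig.getServletContext());
        this.ssoManager = context.getBean(SSOManager.class);
        this.userInfoProvider = context.getBean(UserInfoProvider.class);
        this.ssoSigninUrl = (String) context.getBean("ssoSigninUrl");
    }

    /**
     * Routes the request on the path below the context root. The path is
     * lower-cased with {@link Locale#ROOT} so that the default locale cannot
     * change which branch a path matches, then both the path and the optional
     * {@code service} parameter pass through {@link #validateStr(String)}. A
     * rejected value becomes "" and falls through to the 503 branch (path) or
     * yields an empty redirect target (service).
     */
    @Override
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String page = httpServletRequest.getRequestURI()
                .substring(httpServletRequest.getContextPath().length())
                .toLowerCase(Locale.ROOT);
        page = validateStr(page);
        String service = validateStr(httpServletRequest.getParameter("service"));
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("URI:{}, args:{}, page:{}",
                    httpServletRequest.getRequestURI(), describeParameters(httpServletRequest), page);
        }
        if (page.startsWith("/signout")) {
            destroySSO(httpServletRequest, httpServletResponse, service);
        } else if (page.startsWith("/checksso")) {
            checkSSO(httpServletRequest, httpServletResponse);
        } else if (page.startsWith("/checkticket")) {
            checkTicket(httpServletRequest, httpServletResponse);
        } else if (page.startsWith("/getticket")) {
            genTicket(httpServletRequest, httpServletResponse);
        } else if (page.startsWith("/reset")) {
            resetPwd(httpServletRequest, httpServletResponse);
        } else {
            // Historical status for an unknown path (404 would be the usual
            // answer); kept because existing clients may key on it.
            httpServletResponse.setStatus(503);
        }
    }

    /**
     * Renders the request parameters as {@code a=1, b=2} for the debug log,
     * masking the values of credential-bearing parameters.
     */
    private static String describeParameters(HttpServletRequest request) {
        StringBuilder out = new StringBuilder();
        Enumeration<?> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            out.append(name).append('=');
            out.append(isSecretParameter(name) ? "***" : request.getParameter(name));
            if (names.hasMoreElements()) {
                out.append(", ");
            }
        }
        return out.toString();
    }

    /** Parameters whose values are credentials (reset token, ticket, SSO id); never logged. */
    private static boolean isSecretParameter(String name) {
        return "t".equals(name) || "token".equals(name) || "ticket".equals(name) || "sso_id".equals(name);
    }

    /**
     * Answers 200 with the serialized {@link SSOInfo} when {@code ?sso_id=}
     * names a live SSO session, 401 with no body otherwise. The id itself is
     * a bearer credential and is not logged.
     */
    public void checkSSO(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String ssoId = httpServletRequest.getParameter("sso_id");
        SSOInfo session = this.ssoManager.getSSOSession(ssoId);
        if (session == null) {
            this.logger.debug("sso not found (sso_id {})", ssoId == null ? "absent" : "redacted");
            httpServletResponse.setStatus(401);
            return;
        }
        this.logger.debug("sso is valid (sso_id redacted)");
        httpServletResponse.setStatus(200);
        answer(httpServletRequest, httpServletResponse, this.jsh.serialize(session));
    }

    /**
     * Mints a ticket for the SSO session identified by the caller's
     * {@code sso_id} cookie. 401 with no body when the manager declines
     * (no cookie or no matching session, as decided by {@link SSOManager#createTicket}).
     */
    public void genTicket(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String ticket = this.ssoManager.createTicket(SSOHelper.getCookie(httpServletRequest, "sso_id"));
        if (ticket == null) {
            httpServletResponse.setStatus(401);
            return;
        }
        httpServletResponse.setStatus(200);
        answer(httpServletRequest, httpServletResponse, ticket);
    }

    /**
     * Validates {@code ?ticket=} and returns the {@link TicketInfo} as JSON,
     * or 401 with no body. The wire format renames the {@code id} property to
     * {@code user_login}; this is done by textual substitution on the
     * serialized JSON, so it rewrites every {@code "id":} key in the
     * document, not only the top-level one.
     */
    public void checkTicket(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        TicketInfo info = this.ssoManager.validateTicket(httpServletRequest.getParameter("ticket"));
        if (info == null) {
            httpServletResponse.setStatus(401);
            return;
        }
        String body = this.jsh.serialize(info).replace("\"id\":", "\"user_login\":");
        httpServletResponse.setStatus(200);
        answer(httpServletRequest, httpServletResponse, body);
    }

    /**
     * Password-reset landing page. {@code ?id=} names the user and {@code ?t=}
     * must equal the value returned by {@link User#getPwd()} for that user
     * (which presumably holds the reset token at this point; not verifiable
     * here). On mismatch, unknown user or missing token the browser is sent
     * to the sign-in page with {@code m=b}; the same redirect is used for all
     * three so the response does not reveal whether the user exists. On
     * success the session is flagged {@code forceSignin} when the user's firm
     * requires the two-step sign-in, and the browser is sent to the sign-in
     * page with {@code m=c}, the id and the token.
     *
     * <p>The token comparison is constant-time in the content (length is still
     * observable), and the id/token are URL-encoded before being placed in the
     * Location header. The language is hard-coded to "fr" for the lookups.
     */
    public void resetPwd(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String id = httpServletRequest.getParameter("id");
        String token = httpServletRequest.getParameter("t");
        String sessionId = httpServletRequest.getSession().getId();
        String serverName = httpServletRequest.getServerName();
        User user = this.userInfoProvider.readUser(id, sessionId, (String) null, "fr", serverName);
        if (token == null || user == null || !constantTimeEquals(token, user.getPwd())) {
            httpServletResponse.sendRedirect(this.ssoSigninUrl + "?m=b&_=" + System.currentTimeMillis());
            return;
        }
        if (isTwoStepsSignin(user.getFirmId(), sessionId, null, "fr", serverName)) {
            httpServletRequest.getSession().setAttribute("forceSignin", "1");
        }
        httpServletResponse.sendRedirect(this.ssoSigninUrl
                + "?m=c&id=" + encodeQueryValue(id)
                + "&token=" + encodeQueryValue(token)
                + "&_=" + System.currentTimeMillis());
    }

    /**
     * Compares two credential strings without short-circuiting on the first
     * differing byte. Either side {@code null} compares unequal (same result
     * as {@code a.equals(null)} in the original). Length differences are not
     * hidden, which is inherent to {@link MessageDigest#isEqual}.
     */
    private static boolean constantTimeEquals(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }

    /** URL-encodes one query-string value; a null renders as the text "null", as string concatenation did. */
    private static String encodeQueryValue(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(String.valueOf(value), "UTF-8");
    }

    /**
     * Whether the firm requires the two-step (challenge-question) sign-in.
     * Defaults to {@code true} (the safe side) when the firm cannot be read
     * or its {@code twoStepsSignin} attribute is absent or not a Boolean.
     *
     * @param firmId   firm to look up
     * @param sessionId, arg2, lang, serverName passed straight through to
     *        {@link UserInfoProvider#readFirm}; their meaning is the provider's
     */
    protected boolean isTwoStepsSignin(long firmId, String sessionId, String arg2, String lang, String serverName) {
        boolean required = true;
        Firm firm = this.userInfoProvider.readFirm(firmId, sessionId, arg2, lang, serverName);
        if (firm == null) {
            this.logger.warn("Firm (firmId={}) not found or there is permission problem!", Long.valueOf(firmId));
            return required;
        }
        Object attribute = firm.getAttribute("twoStepsSignin");
        if (attribute instanceof Boolean) {
            required = ((Boolean) attribute).booleanValue();
            if (!required) {
                this.logger.info("Firm {} has disabled signin challenge questions!", firm.getFirmName());
            }
        } else if (attribute != null) {
            // A non-Boolean value used to blow up with a ClassCastException; treat it as "required".
            this.logger.warn("Firm {} has a non-boolean twoStepsSignin attribute ({}); assuming enabled",
                    firm.getFirmName(), attribute.getClass().getName());
        }
        return required;
    }

    /**
     * Signs the caller out: clears the {@code sso_id} cookie, invalidates the
     * HTTP session if one exists, destroys the SSO session behind the cookie
     * and, when {@code serviceUrl} is non-null, redirects there with a
     * cache-busting {@code _=} parameter appended.
     *
     * <p>{@code serviceUrl} comes straight from the request (already passed
     * through {@link #validateStr(String)}), so the redirect is gated by
     * {@link #isAllowedServiceUrl(String)}; a refused target is logged and the
     * response stays a plain 200.
     */
    public void destroySSO(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String serviceUrl) throws ServletException, IOException {
        String ssoId = SSOHelper.getCookie(httpServletRequest, "sso_id");
        // The SSO id is a bearer credential: record the event, not the value.
        this.logger.info("Destroying sso session (sso_id cookie {}) ...", ssoId == null ? "absent" : "present");
        SSOHelper.removeCookie(httpServletResponse, "sso_id", "/");
        // getSession(false): no point creating a fresh session only to invalidate it.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.removeAttribute("id");
            session.removeAttribute("sso_id");
            session.invalidate();
        }
        this.ssoManager.destroySSOSession(ssoId);
        httpServletResponse.setStatus(200);
        if (serviceUrl == null) {
            return;
        }
        if (!isAllowedServiceUrl(serviceUrl)) {
            this.logger.warn("Refusing signout redirect to service={}", serviceUrl);
            return;
        }
        String separator = serviceUrl.indexOf("?") == -1 ? "?" : "&";
        httpServletResponse.sendRedirect(serviceUrl + separator + "_=" + System.currentTimeMillis());
    }

    /**
     * Extension point for restricting where /signout may redirect. The
     * default accepts everything, which preserves the historical behaviour
     * but is an open redirect: an attacker can craft a signout link that
     * lands the user on an arbitrary site. Deployments should override this
     * with an allow-list of their application origins (or accept only
     * relative paths).
     */
    protected boolean isAllowedServiceUrl(String serviceUrl) {
        return true;
    }

    /**
     * URL-decodes {@code str} and rejects it (returning "") when it contains
     * {@code <}, {@code >} or {@code script} in any letter case; a malformed
     * %-escape is rejected the same way instead of surfacing as a 500.
     * {@code null} passes through unchanged.
     *
     * <p>This is a deny-list, not a sanitizer: it blocks the most obvious
     * markup injection and nothing else. Note also that request parameters
     * are already decoded by the container, so for the {@code service}
     * parameter this is a second decode ({@code +} becomes a space, {@code %25}
     * becomes {@code %}) — a long-standing quirk kept for compatibility.
     */
    private String validateStr(String str) throws UnsupportedEncodingException {
        if (str == null) {
            return null;
        }
        String decoded;
        try {
            decoded = URLDecoder.decode(str, "UTF-8");
        } catch (IllegalArgumentException malformedEscape) {
            this.logger.warn("Got invalid string! str={}", str);
            return "";
        }
        String probe = decoded.toLowerCase(Locale.ROOT);
        if (probe.indexOf('<') > -1 || probe.indexOf('>') > -1 || probe.indexOf("script") > -1) {
            this.logger.warn("Got invalid string! str={}", decoded);
            return "";
        }
        return decoded;
    }

    /**
     * Writes {@code body} as a UTF-8 JSON response (no-op body when null; the
     * content-type header is still set). Responses from this servlet carry
     * session and ticket material, so caching is disabled explicitly.
     * The historical {@code text/json} media type is kept for client
     * compatibility; {@code application/json} is the registered one.
     */
    public void answer(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String body) throws ServletException, IOException {
        httpServletResponse.setHeader("Cache-Control", "no-store");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setContentType("text/json");
        if (body == null) {
            return;
        }
        byte[] bytes = body.getBytes(StandardCharsets.UTF_8);
        httpServletResponse.setContentLength(bytes.length);
        httpServletResponse.setCharacterEncoding("utf-8");
        httpServletResponse.getOutputStream().write(bytes);
        httpServletResponse.flushBuffer();
    }

    /** Container-authenticated user name for the request, or null when there is no request or no remote user. */
    public String getUsername(HttpServletRequest httpServletRequest) {
        return httpServletRequest == null ? null : httpServletRequest.getRemoteUser();
    }
}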
