package com.trs.idm.client.filter;

import com.trs.idm.client.actor.ActorException;
import com.trs.idm.client.actor.SSOUser;
import com.trs.idm.client.actor.v2.IServletAppActorV2;
import com.trs.idm.client.filter.logicProcessor.AddGroupProcessor;
import com.trs.idm.client.filter.logicProcessor.AddUserProcessor;
import com.trs.idm.client.filter.logicProcessor.DelGroupProcessor;
import com.trs.idm.client.filter.logicProcessor.DelUserProcessor;
import com.trs.idm.client.filter.logicProcessor.DisableUserProcessor;
import com.trs.idm.client.filter.logicProcessor.EnableUserProcessor;
import com.trs.idm.client.filter.logicProcessor.IDSCmdProcessor;
import com.trs.idm.client.filter.logicProcessor.LoginProcessor;
import com.trs.idm.client.filter.logicProcessor.LogoutProcessor;
import com.trs.idm.client.filter.logicProcessor.MoveToGroupProcessor;
import com.trs.idm.client.filter.logicProcessor.NullProcessor;
import com.trs.idm.client.filter.logicProcessor.PingProcessor;
import com.trs.idm.client.filter.logicProcessor.RemoveFromGroupProcessor;
import com.trs.idm.client.filter.logicProcessor.UpdateGroupProcessor;
import com.trs.idm.client.filter.logicProcessor.UpdateSSOUrlProcessor;
import com.trs.idm.client.filter.logicProcessor.UpdateUserProcessor;
import com.trs.idm.exception.ClientTransferException;
import com.trs.idm.exception.NoSuchSSOIDException;
import com.trs.idm.interact.agent.AgentConfig;
import com.trs.idm.interact.agent.AgentFactory;
import com.trs.idm.interact.agent.AgentUtil;
import com.trs.idm.interact.agent.IAgent;
import com.trs.idm.interact.agent.LoginResult;
import com.trs.idm.interact.agent.validator.IAgentPropertiesValidator;
import com.trs.idm.model.sso.samedomain.SameDomainSSOHelper;
import com.trs.idm.system.ClientConst;
import com.trs.idm.system.SSOConst;
import com.trs.idm.util.Base64Util;
import com.trs.idm.util.CookieHelper;
import com.trs.idm.util.HttpConst;
import com.trs.idm.util.LoginEncoder;
import com.trs.idm.util.P3PUtil;
import com.trs.idm.util.RequestUtil;
import com.trs.idm.util.StringHelper;
import com.trs.idm.util.UrlUtil;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.ebookdroid.core.AbstractViewController;

/* loaded from: classes.dex */
public class GeneralSSOFilter implements Filter {
    public static final String APP_GUEST_FLG = "com.trs.ids.guest";
    private static final Logger LOG = Logger.getLogger(GeneralSSOFilter.class);
    protected IAgent agent;
    private int domainLevel;
    protected String encryptAgentName;
    private IdsAgentAccessHelper idsAgentAccessHelper;
    protected Map idsCmdProcessors;
    protected String[] justVerifyPrefixes;
    protected String[] onlyProcessPrefixes;
    protected String pwdParamOfJustVerify;
    private IServletAppActorV2 servletAppActor;
    protected String userParamOfJustVerify;
    protected String verifyFailUri;

    private String buildCoAppUrlNotConnectIds(HttpServletRequest httpServletRequest, Exception exc) {
        String property = this.agent.getProperty(AgentConfig.COAPP_DEFAULT_URL_WHILE_CAN_NOT_CONNECT_IDS);
        if (LOG.isDebugEnabled()) {
            LOG.debug("get coAppUrlNotConnectIds[" + property + "] by agentConfig[" + AgentConfig.COAPP_DEFAULT_URL_WHILE_CAN_NOT_CONNECT_IDS + "]");
        }
        if (StringHelper.isEmpty(property)) {
            property = this.agent.restoreOriginAccessUrl(httpServletRequest);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("get coAppUrlNotConnectIds[" + property + "] to sendRedirect", exc);
        }
        return property;
    }

    private void checkIsSSOAlive(String str, CookieHelper cookieHelper) {
        try {
            if (this.agent.findSSOID(str) == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("SSOId from IDS by coSession [" + str + "] is null, remove the SSOBind.");
                }
                AgentUtil.removeSSOBind(cookieHelper, this.agent);
            }
        } catch (Throwable th) {
            LOG.error("failed to find SSOID from IDS by coSession[" + str + "], remove the agent's SSOBind.", th);
            AgentUtil.removeSSOBind(cookieHelper, this.agent);
        }
    }

    private void excuteAutoLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, String str, boolean z, CookieHelper cookieHelper) throws UnsupportedEncodingException, IOException, ServletException {
        String value = cookieHelper.getValue("idsALInfo");
        if (!StringHelper.isEmpty(value)) {
            value = URLDecoder.decode(value, "GBK").replace('*', '=');
        }
        String value2 = cookieHelper.getValue("idsALUserSource");
        String str2 = null;
        String str3 = null;
        if (value != null && value.trim().length() > 0) {
            if (z) {
                LOG.debug("autoLoginCookie is found, and App is already localLogoin, so pass directly");
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            } else {
                str2 = LoginEncoder.decodeUser(value);
                str3 = LoginEncoder.decodePwd(value);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("(ckAutoLoginInfo, usr, pwd, sourceName)=" + value + ", " + str2 + ", " + str3 + ", sourceName: " + value2);
                }
            }
        }
        new LoginResult();
        LoginResult loginUserForSameDomainSSO = this.agent.loginUserForSameDomainSSO(str2, str3, value2, str, RequestUtil.getRemoteAddr(httpServletRequest, this.agent.getOriginalClientIPHttpHeader()));
        if (!loginUserForSameDomainSSO.isSuccess()) {
            clearAutoLoginCookie(httpServletRequest, httpServletResponse);
            LOG.warn("AutoLogin with auto login cookie fail");
            return;
        }
        String sdToken = loginUserForSameDomainSSO.getSdToken();
        String sSOIdFromSDToken = SameDomainSSOHelper.getSSOIdFromSDToken(sdToken);
        SameDomainSSOHelper.plantSameDomainCookie(httpServletRequest, httpServletResponse, sdToken, true, this.agent.getSDSSOCookieDomain(), this.agent.getSDSSOCookiePath(), this.agent.getOriginalHostHttpHeader());
        SameDomainSSOHelper.plantIDSCookie(httpServletRequest, httpServletResponse, true, sSOIdFromSDToken, this.agent.getSDSSOCookieDomain(), this.agent.getSDSSOIDSCookiePath(), this.agent.getOriginalHostHttpHeader());
        SSOUser sSOUser = loginUserForSameDomainSSO.getSSOUser();
        if (sSOUser == null) {
            LOG.warn("Login in IDS OK, but SSOUser from IDS is null!");
        }
        SameDomainSSOHelper.plantAppCurrentLoginedSSOIDCookie(httpServletRequest, httpServletResponse, true, sSOIdFromSDToken, this.agent.getSDSSOCookieDomain(), this.agent.getSDSSOIDSCookiePath(), this.agent.getAgentName());
        this.agent.getServletAppActorV2().loadLoginUser(httpServletRequest, httpServletResponse, sSOUser);
        LOG.info("localLogin by actor done with autoLoing");
        httpServletResponse.sendRedirect(httpServletRequest.getRequestURL().toString());
    }

    private void getAgentProperty() {
        this.onlyProcessPrefixes = StringHelper.split(this.agent.getProperty("processUrl.prefix", null), ",");
        this.justVerifyPrefixes = StringHelper.split(this.agent.getProperty("verifyButNotLogin.uri", null), ",");
        this.userParamOfJustVerify = this.agent.getProperty("verifyButNotLogin.paramName.userName");
        this.pwdParamOfJustVerify = this.agent.getProperty("verifyButNotLogin.paramName.password");
        this.verifyFailUri = this.agent.getProperty("verifyButNotLogin.fail.uri");
        this.encryptAgentName = encryStr(this.agent.getAgentName());
        this.domainLevel = Integer.parseInt(this.agent.getProperty("cookie.domain.level", "0"));
    }

    private String getSSOUserInfoForLOG(SSOUser sSOUser) {
        if (sSOUser == null) {
            return null;
        }
        String sSOUser2 = sSOUser.toString();
        return (sSOUser2 == null || sSOUser2.indexOf(ClientConst.USERPROPS_PLAINUSERPWD) < 0) ? sSOUser2 : String.valueOf(sSOUser2.substring(0, sSOUser2.indexOf(ClientConst.USERPROPS_PLAINUSERPWD))) + sSOUser2.substring(sSOUser2.indexOf(sSOUser.getProperty(ClientConst.USERPROPS_PLAINUSERPWD)) + sSOUser.getProperty(ClientConst.USERPROPS_PLAINUSERPWD).length() + 1);
    }

    private void handleServerException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Exception exc, String str, String str2) {
        LOG.error("Error while finding SSOUser from IDSServer using socket, current ssoid[" + str2 + "] or coSessionId[" + str + "], this might happen because network error or IDS is stopped.", exc);
        httpServletRequest.setAttribute(ClientConst.AGENT_EXCEPTION_OBJ_IN_REQ, exc);
        showHaltPage(httpServletRequest, httpServletResponse, exc);
    }

    private void initFilterByAgent(ServletContext servletContext) {
        getAgentProperty();
        initIDSCmdProcessors();
        initServletAppActor(servletContext);
    }

    private void initServletAppActor(ServletContext servletContext) {
        this.servletAppActor = this.agent.getServletAppActorV2();
        if (this.servletAppActor == null) {
            throw new NullPointerException("协作应用没有正确集成! agent.getServletAppActor() returns null!");
        }
        try {
            this.servletAppActor.start(servletContext);
        } catch (AbstractMethodError e) {
            LOG.error("Error while IDS GeneralSSOFilter start , please check you Actor[" + this.agent.getCoAppActorClassName() + "] implements start(ServletContext) and stop methods, whick is added in IDS Agent version v4.0", e);
        }
    }

    private boolean isFilterNotInited() {
        return this.servletAppActor == null;
    }

    private void logRequestInfoForDeBug(HttpServletRequest httpServletRequest) {
        StringBuffer stringBuffer = new StringBuffer(256);
        stringBuffer.append("original serletPath: ").append(httpServletRequest.getServletPath()).append("; ");
        stringBuffer.append("pathInfo: ").append(httpServletRequest.getPathInfo()).append("; ");
        stringBuffer.append("queryString: ").append(httpServletRequest.getQueryString()).append("; ");
        stringBuffer.append("actualFullPath: " + httpServletRequest.getServletPath());
        LOG.debug(stringBuffer.toString());
    }

    private void processIDSRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String header = httpServletRequest.getHeader(HttpConst.HEADER_IDS_CMD);
        LOG.debug("processIDSRequest cmd:" + header + ", by HttpConst.HEADER_IDS_CMD:" + HttpConst.HEADER_IDS_CMD);
        IDSCmdProcessor iDSCmdProcesser = getIDSCmdProcesser(header);
        LOG.debug("getIDSCmdProcesser processor.getIDSCmd():" + iDSCmdProcesser.getIDSCmd() + ", by cmd:" + header);
        try {
            iDSCmdProcesser.process(httpServletRequest, httpServletResponse);
        } catch (Throwable th) {
            LOG.error(iDSCmdProcesser + " process IDSCmd fail,cmd=" + httpServletRequest.getHeader(HttpConst.HEADER_IDS_CMD), th);
            httpServletResponse.sendError(AbstractViewController.DOUBLE_TAP_TIME, "process ids request(cmd=) fail ,error:" + th.getMessage() + ", errro type:" + th.getClass());
        }
    }

    private void processLogouRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IServletAppActorV2 iServletAppActorV2, String str, boolean z, CookieHelper cookieHelper) throws IOException {
        String logoutReturnUrl = AgentUtil.getLogoutReturnUrl(httpServletRequest, this.agent);
        String referUrl = RequestUtil.getReferUrl(httpServletRequest);
        LOG.info("isLogoutRequest(req)=true, actualRetUrl=" + logoutReturnUrl);
        if (z) {
            cookieHelper.removeCookie(ClientConst.SD_SSO_COOKIENAME, "/", this.agent.getProperty(ClientConst.COOKIE_DOMAIN, null));
        }
        AgentUtil.removeSSOBind(cookieHelper, this.agent);
        try {
            if (!this.agent.logout(str)) {
                LOG.warn("logout fail(by user)! sessId=" + str);
                return;
            }
            iServletAppActorV2.logout(httpServletRequest, httpServletResponse);
            if (httpServletResponse.isCommitted()) {
                return;
            }
            this.agent.notifyTimeout(str);
            if (this.agent.getGlobalLoginUrl() == null) {
                httpServletResponse.sendRedirect(logoutReturnUrl);
                return;
            }
            StringBuffer stringBuffer = new StringBuffer(160);
            stringBuffer.append(this.agent.getGlobalLoginUrl());
            stringBuffer.append("?clearAL=1&r=").append(UrlUtil.encode(logoutReturnUrl)).append("&referURL=").append(UrlUtil.encode(referUrl)).append("&appName=").append(this.agent.getAgentName());
            httpServletResponse.sendRedirect(stringBuffer.toString());
        } catch (IOException e) {
            LOG.error("I/O error", e);
            httpServletRequest.setAttribute(ClientConst.AGENT_EXCEPTION_OBJ_IN_REQ, e);
        }
    }

    private void processRegRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (StringHelper.isEmpty(this.agent.getRegUserFullUrl())) {
            httpServletResponse.sendError(AbstractViewController.DOUBLE_TAP_TIME, "[IDSAgent]servlet not found: " + httpServletRequest.getContextPath() + ClientConst.IdS_COAPP_USERREG_SERVLET);
            return;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("regist user from " + this.agent.getAgentName());
        }
        httpServletResponse.sendRedirect(this.agent.getRegUserFullUrl());
    }

    private void processSSOLoginByLocalPage(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (!this.agent.isAllowAnonymous()) {
            LOG.info("this request is SSOLoginReqByLocalPage,but this is an notAllowAnonymous CoApp, so pass directly");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        boolean parameterAsBool = RequestUtil.getParameterAsBool(httpServletRequest, "isFromIDSAutoSubmitPage");
        LOG.info("isFromIDSAutoSubmitPage: " + parameterAsBool);
        LOG.info("agent.continueLocalLoginIfUserNotFoundOnIDS(): " + this.agent.continueLocalLoginIfUserNotFoundOnIDS());
        if (parameterAsBool && this.agent.continueLocalLoginIfUserNotFoundOnIDS()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        RequestDispatcher requestDispatcher = httpServletRequest.getRequestDispatcher(ClientConst.SSO_PROXY_SERVLET);
        if (requestDispatcher == null) {
            throw new ServletException("The Servlet Not Found: /TRSIdSSSOProxyServlet");
        }
        requestDispatcher.forward(httpServletRequest, httpServletResponse);
    }

    private void processSameDomainRequest(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, CookieHelper cookieHelper) throws IOException, ServletException {
        SSOUser sSOUser = null;
        String value = cookieHelper.getValue(ClientConst.SD_SSO_COOKIENAME);
        if (LOG.isDebugEnabled()) {
            LOG.debug("sameDomain. ssoId=" + value);
        }
        if (value != null && value.trim().length() > 0) {
            try {
                sSOUser = this.agent.findSSOUser(value, str, RequestUtil.getRemoteAddr(httpServletRequest, this.agent.getOriginalClientIPHttpHeader()));
            } catch (NoSuchSSOIDException e) {
                cookieHelper.removeCookie(ClientConst.SD_SSO_COOKIENAME, "/", this.agent.getProperty(ClientConst.COOKIE_DOMAIN, null));
            } catch (Exception e2) {
                LOG.error("agent.findUserBySSOSessionId(" + value + ", " + str + ") fail!", e2);
            }
            if (sSOUser != null) {
                this.servletAppActor.loadLoginUser(httpServletRequest, httpServletResponse, sSOUser);
                if (httpServletResponse.isCommitted()) {
                    return;
                }
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private void processSameDomainSSOAccessing(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, String str) throws IOException, ServletException {
        boolean checkLocalLogin = this.agent.getServletAppActorV2().checkLocalLogin(httpServletRequest, httpServletResponse);
        CookieHelper cookieHelper = new CookieHelper(httpServletRequest, httpServletResponse);
        String value = cookieHelper.getValue(SSOConst.SDSSO_COOKIE_NAME);
        LOG.debug("SDToken in Cookie: " + value + "; isAlreadyLocalLogin: " + checkLocalLogin);
        if (value == null) {
            if (checkLocalLogin) {
                LOG.warn("SameDomainCookie is not found, but App is already localLogin, so excute local logout method in actor");
                this.agent.getServletAppActorV2().logout(httpServletRequest, httpServletResponse);
            }
            excuteAutoLogin(httpServletRequest, httpServletResponse, filterChain, str, checkLocalLogin, cookieHelper);
            LOG.debug("SameDomainCookie is not found, and localLogin status now is:[" + this.agent.getServletAppActorV2().checkLocalLogin(httpServletRequest, httpServletResponse) + "], so this is an anonymous access, pass directly");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String sSOIdFromSDToken = SameDomainSSOHelper.getSSOIdFromSDToken(value);
        if (System.currentTimeMillis() >= SameDomainSSOHelper.getValidTimeFromSDToken(value)) {
            cookieHelper.removeCookie(SSOConst.SDSSO_COOKIE_NAME, this.agent.getSDSSOCookiePath(), this.agent.getSDSSOCookieDomain());
            LOG.info("SSOSession[" + sSOIdFromSDToken + "] is already timeout or not exist in IDS, so clear SameDomain Cookie");
            this.agent.getServletAppActorV2().logout(httpServletRequest, httpServletResponse);
            excuteAutoLogin(httpServletRequest, httpServletResponse, filterChain, str, checkLocalLogin, cookieHelper);
            LOG.info("Excute logout method in Actor Done");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (checkLocalLogin && sSOIdFromSDToken.equals(SameDomainSSOHelper.getAppCurrentLoginedSSOID(httpServletRequest, httpServletResponse, this.agent.getAgentName()))) {
            LOG.debug("SameDomainCookie is found, and App is already localLogoin, so pass directly");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        SSOUser sSOUser = null;
        try {
            sSOUser = this.agent.findSSOUser(sSOIdFromSDToken, str, RequestUtil.getRemoteAddr(httpServletRequest, this.agent.getOriginalClientIPHttpHeader()));
        } catch (Exception e) {
            LOG.error("Find SSOUser from IDS by SameDomain SSOSessionID error", e);
        }
        LOG.info("ssoUser found by SSOId[" + sSOIdFromSDToken + "] in SDToken from IDS Server: " + sSOUser);
        if (sSOUser != null) {
            SameDomainSSOHelper.plantAppCurrentLoginedSSOIDCookie(httpServletRequest, httpServletResponse, true, sSOIdFromSDToken, this.agent.getSDSSOCookieDomain(), this.agent.getSDSSOIDSCookiePath(), this.agent.getAgentName());
            this.agent.getServletAppActorV2().loadLoginUser(httpServletRequest, httpServletResponse, sSOUser);
            LOG.info("user SSOUser[" + sSOUser.getUserName() + "] to do localLogin by actor.loadLoginUser finished");
            LOG.info("localLogin status now is:[" + this.agent.getServletAppActorV2().checkLocalLogin(httpServletRequest, httpServletResponse) + "], pass directly");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        LOG.warn("Can not find SSOUser by SSOId[" + sSOIdFromSDToken + "]");
        cookieHelper.removeCookie(SSOConst.SDSSO_COOKIE_NAME, this.agent.getSDSSOCookiePath(), this.agent.getSDSSOCookieDomain());
        LOG.info("clear samedomain cookie");
        if (checkLocalLogin) {
            LOG.warn("Can not find SSOUser by sso SSOId[" + sSOIdFromSDToken + "], but App is already localLogin, so excute localLogout method in actor");
            this.agent.getServletAppActorV2().logout(httpServletRequest, httpServletResponse);
        }
        LOG.info("localLogin status now is:[" + this.agent.getServletAppActorV2().checkLocalLogin(httpServletRequest, httpServletResponse) + "], pass directly");
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private void processVerifyNotLoginRequest(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        VerifyResult verifyUser = this.agent.verifyUser(getVerifyReqInfo(httpServletRequest));
        if (verifyUser.isLegal()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        LOG.info(verifyUser);
        httpServletRequest.setAttribute("ids.verifyUser.failInfo", verifyUser.getFailInfo());
        httpServletRequest.getRequestDispatcher(this.verifyFailUri).forward(httpServletRequest, httpServletResponse);
    }

    private void refreshSSOSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String property = this.agent.getProperty("coapp.need.refresh", String.valueOf(true));
        if (!StringHelper.parseBoolean(property)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("get needRefreshStr[" + property + "] is false, so return!");
                return;
            }
            return;
        }
        CookieHelper cookieHelper = new CookieHelper(httpServletRequest, httpServletResponse);
        long parseLong = StringHelper.parseLong(cookieHelper.getValue("refreshedTimestamp"));
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - parseLong >= 300000) {
            try {
                String findSSOID = this.agent.findSSOID(str);
                if (!StringHelper.isEmpty(findSSOID)) {
                    cookieHelper.addCookie("refreshedTimestamp", String.valueOf(currentTimeMillis));
                    this.agent.refresh(findSSOID, this.servletAppActor.getSessionId(httpServletRequest, httpServletResponse, true), RequestUtil.getRemoteAddr(httpServletRequest, this.agent.getOriginalClientIPHttpHeader()));
                } else if (LOG.isDebugEnabled()) {
                    LOG.debug("ssoId is null by agent.findSSOID(" + str + "). no need to refresh .");
                }
            } catch (ActorException e) {
                LOG.error(e.getMessage(), e);
            } catch (Throwable th) {
                LOG.error(th.getMessage(), th);
            }
        }
    }

    private void updateSsoSwitch(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        LOG.debug("update sso switch request!trs-ids-cmd : " + httpServletRequest.getHeader(HttpConst.HEADER_IDS_CMD));
        String header = httpServletRequest.getHeader(HttpConst.HEADER_AGENT_SSO_SWITCH_VALUE);
        LOG.debug("ssoSwitchValue:" + header);
        this.agent.setSSOSwitch(new Boolean(header).booleanValue());
        httpServletResponse.getOutputStream().print(this.agent.getProperty(AgentConfig.NAME));
    }

    protected boolean allowGuest(boolean z) {
        return this.agent.isAllowAnonymous() && !z;
    }

    public void clearAutoLoginCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie cookie = new Cookie("idsALInfo", "");
        Cookie cookie2 = new Cookie("idsALUserSource", "");
        if (cookie != null) {
            cookie.setMaxAge(0);
            cookie.setDomain(this.agent.getSDSSOCookieDomain());
            cookie.setPath(this.agent.getSDSSOCookiePath());
            httpServletResponse.addCookie(cookie);
        }
        if (cookie2 != null) {
            cookie.setMaxAge(0);
            cookie2.setDomain(this.agent.getSDSSOCookieDomain());
            cookie2.setPath(this.agent.getSDSSOCookiePath());
            httpServletResponse.addCookie(cookie2);
        }
    }

    protected void clearIDSCmdProcessors() {
        if (this.idsCmdProcessors != null) {
            this.idsCmdProcessors.clear();
        }
    }

    public void destroy() {
        if (this.servletAppActor != null) {
            try {
                this.servletAppActor.stop();
            } catch (AbstractMethodError e) {
                LOG.error("Error while IDS GeneralSSOFilter start , please check you Actor[" + this.agent.getCoAppActorClassName() + "] implements start(ServletContext) and stop methods, whick is added  in IDS Agent version 3.5.3500", e);
            }
        }
        if (this.agent != null) {
            this.agent.stop();
        }
        clearIDSCmdProcessors();
        LOG.info("Filter Destoryed!");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String relativePathWithPara = RequestUtil.getRelativePathWithPara(httpServletRequest);
        String method = httpServletRequest.getMethod();
        if (LOG.isDebugEnabled()) {
            LOG.debug("relativePathWithPara: " + relativePathWithPara + "; method: " + method);
        }
        if (this.agent == null) {
            throw new ServletException("IDS Agent启动失败：请检查系统日志，以获得准确的启动失败原因！");
        }
        if (this.idsAgentAccessHelper == null) {
            LOG.error("idsAgentAccessHelper is null ,so let it go directly. agent info [" + this.agent + "]");
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (this.idsAgentAccessHelper.isIDSURL(relativePathWithPara)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("RequestUrl [" + relativePathWithPara + "] is a request for IDS, let it go .");
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (this.idsAgentAccessHelper.isAgentDebugJsp(relativePathWithPara)) {
            String str = ClientConst.IDSAGENT_JSP_PREFIX + RequestUtil.getCurrentPage(httpServletRequest);
            RequestDispatcher requestDispatcher = httpServletRequest.getRequestDispatcher(str);
            if (requestDispatcher != null) {
                requestDispatcher.forward(httpServletRequest, httpServletResponse);
                return;
            } else {
                httpServletResponse.sendError(AbstractViewController.DOUBLE_TAP_TIME, "[IDSAgent]page not found: " + str);
                return;
            }
        }
        if (ClientConst.PRODUCT_ENG_NAME.equals(httpServletRequest.getHeader(HttpConst.HEADER_USER_AGENT)) && HttpConst.IDSCMD_UPDAGENTSSOSWITCH.equals(httpServletRequest.getHeader(HttpConst.HEADER_IDS_CMD))) {
            updateSsoSwitch(httpServletRequest, httpServletResponse);
            return;
        }
        if (!this.agent.useSSO()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("IDS SSO Feature is stop now, so pass directly");
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (isFilterNotInited()) {
            initFilterByAgent(httpServletRequest.getSession().getServletContext());
        }
        if (!StringHelper.isEmpty(this.agent.getOriginalClientIPHttpHeader())) {
            httpServletRequest.setAttribute("XForwardedFor-Name", this.agent.getOriginalClientIPHttpHeader());
        }
        if (!StringHelper.isEmpty(this.agent.getOriginalHostHttpHeader())) {
            httpServletRequest.setAttribute("XForwardedHost-Name", this.agent.getOriginalHostHttpHeader());
        }
        String sessionId = this.servletAppActor.getSessionId(httpServletRequest, httpServletResponse, true);
        refreshSSOSession((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, sessionId);
        if (!this.idsAgentAccessHelper.isMustProcessUrls(relativePathWithPara, method) && this.idsAgentAccessHelper.needIgnore(relativePathWithPara)) {
            logRequestInfoForDeBug(httpServletRequest);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (this.idsAgentAccessHelper.isCheckAgentPropertiesRequest(httpServletRequest.getRequestURI())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (!this.agent.isStarted()) {
            if (this.agent.getPropertiesValidator().check()) {
                throw new ServletException("IDS Agent启动失败：请检查系统日志，以获得准确的启动失败原因！");
            }
            httpServletRequest.getRequestDispatcher(IAgentPropertiesValidator.ERRORPAGE).forward(httpServletRequest, httpServletResponse);
            return;
        }
        String property = this.agent.getProperty(ClientConst.COOKIE_DOMAIN, null);
        boolean z = property != null && RequestUtil.getServerName(httpServletRequest).endsWith(property);
        CookieHelper cookieHelper = new CookieHelper(httpServletRequest, httpServletResponse, this.domainLevel);
        if (!this.agent.isSocketAlive()) {
            LOG.warn("IDS is down, pass all request!");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (this.idsAgentAccessHelper.isIDSRequest(httpServletRequest.getHeader(HttpConst.HEADER_USER_AGENT))) {
            LOG.info("IDS Server send Request to Agent,header:" + httpServletRequest.getHeader(HttpConst.HEADER_USER_AGENT));
            processIDSRequest(httpServletRequest, httpServletResponse);
            return;
        }
        if (this.idsAgentAccessHelper.isRegRequest(relativePathWithPara)) {
            processRegRequest(httpServletRequest, httpServletResponse);
            return;
        }
        P3PUtil.accept3rdPartyCookie(httpServletResponse);
        if (this.idsAgentAccessHelper.isSSOLoginReqByLocalPage(relativePathWithPara, method)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("isSSOLoginReqByLocalPage=true, so forward. relativePathWithPara=" + relativePathWithPara + ",loginAction.uri=" + StringHelper.toString(this.agent.getLoginActionURIs()));
            }
            checkIsSSOAlive(sessionId, cookieHelper);
            processSSOLoginByLocalPage(filterChain, httpServletRequest, httpServletResponse);
            return;
        }
        if (this.idsAgentAccessHelper.isVerifyButNotLoginRequest(relativePathWithPara)) {
            processVerifyNotLoginRequest(filterChain, httpServletRequest, httpServletResponse);
            return;
        }
        if (this.idsAgentAccessHelper.isLogoutRequest(relativePathWithPara)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("isLogoutRequest=true, so forward. relativePathWithPara=" + relativePathWithPara + ",logout.uri=" + StringHelper.toString(this.agent.getLogoutURIs()));
            }
            processLogouRequest(httpServletRequest, httpServletResponse, this.servletAppActor, sessionId, z, cookieHelper);
            return;
        }
        if (this.agent.supportSameDomainSSO()) {
            processSameDomainSSOAccessing(httpServletRequest, httpServletResponse, filterChain, sessionId);
            return;
        }
        if (this.servletAppActor.checkLocalLogin(httpServletRequest, httpServletResponse)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("coSessId=" + sessionId + ", checkLocalLogin() return  true");
            }
            AgentUtil.removeSSOBind(cookieHelper, this.agent);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (z) {
            processSameDomainRequest(filterChain, httpServletRequest, httpServletResponse, sessionId, cookieHelper);
            return;
        }
        boolean alreadyBindSSO = AgentUtil.alreadyBindSSO(cookieHelper, this.agent);
        boolean isUrlInProcessUrlPrefix = this.idsAgentAccessHelper.isUrlInProcessUrlPrefix(relativePathWithPara);
        boolean allowGuest = allowGuest(isUrlInProcessUrlPrefix);
        if (LOG.isDebugEnabled()) {
            LOG.debug("alreadyBindSSO: " + alreadyBindSSO + "; allowGuest: " + allowGuest);
        }
        if (alreadyBindSSO && allowGuest && this.agent.getAuthBy() == 0) {
            String bindSSOIdInUrl = AgentUtil.getBindSSOIdInUrl(httpServletRequest);
            if (LOG.isDebugEnabled()) {
                LOG.debug("ssoIdInUrl: " + bindSSOIdInUrl);
            }
            if (bindSSOIdInUrl == null || bindSSOIdInUrl.length() <= 0) {
                this.servletAppActor.loadAnonymous(httpServletRequest, httpServletResponse);
                if (httpServletResponse.isCommitted()) {
                    return;
                }
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            AgentUtil.saveSSOId(bindSSOIdInUrl, cookieHelper, this.agent);
            String restoreOriginAccessUrl = this.agent.restoreOriginAccessUrl(httpServletRequest);
            if (LOG.isDebugEnabled()) {
                LOG.debug("originUrl: " + restoreOriginAccessUrl);
            }
            if (this.agent.needSavePostParamAndPostBack() && AgentUtil.havePostParamInCookie(cookieHelper)) {
                AgentUtil.forwardToAutosubmitPageWithPostParam(httpServletRequest, httpServletResponse, cookieHelper, restoreOriginAccessUrl);
                return;
            } else {
                RequestUtil.sendRedirectSecure(httpServletRequest, httpServletResponse, restoreOriginAccessUrl, null, true);
                return;
            }
        }
        String bindSSOId = AgentUtil.getBindSSOId(cookieHelper, this.agent);
        try {
            SSOUser findSSOUserByLocalSessionId = bindSSOId == null ? this.agent.findSSOUserByLocalSessionId(sessionId) : this.agent.findLoginSSOUser(bindSSOId, sessionId);
            LOG.info("find ssoUser from server: " + getSSOUserInfoForLOG(findSSOUserByLocalSessionId));
            if (findSSOUserByLocalSessionId != null) {
                AgentUtil.removeSSOBind(cookieHelper, this.agent);
                try {
                    this.servletAppActor.loadLoginUser(httpServletRequest, httpServletResponse, findSSOUserByLocalSessionId);
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("actor loadLoginUser ok. coSessId=" + sessionId + ", user=" + findSSOUserByLocalSessionId.getUserName());
                    }
                    if (AgentUtil.havePostParamInCookie(cookieHelper)) {
                        AgentUtil.forwardToAutosubmitPageWithPostParam(httpServletRequest, httpServletResponse, cookieHelper, httpServletRequest.getRequestURL().toString());
                        return;
                    } else {
                        filterChain.doFilter(httpServletRequest, httpServletResponse);
                        return;
                    }
                } catch (RuntimeException e) {
                    LOG.error(String.valueOf(this.agent.getAgentName()) + " actor addUser/loadLoginUser fail! sessId=" + sessionId + ", user=" + findSSOUserByLocalSessionId.getUserName(), e);
                    handleServerException(httpServletResponse, e);
                    return;
                }
            }
            if (httpServletResponse.isCommitted()) {
                return;
            }
            if (!StringHelper.isEmpty(this.agent.getGlobalLoginUrl())) {
                if (this.agent.needSavePostParamAndPostBack()) {
                    AgentUtil.savePostParamInCookie(httpServletRequest, cookieHelper);
                }
                AgentUtil.saveCoSessionIdInCookie(cookieHelper, this.agent);
                httpServletResponse.sendRedirect(this.agent.buildParamsForSSOUrl(isUrlInProcessUrlPrefix, sessionId, httpServletRequest));
                return;
            }
            if (this.agent.isAllowAnonymous()) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("<p>由于现在无法连接TRS身份服务器, 用户现在不能登录和访问协作应用" + this.agent.getAgentName() + ", 请稍候再试");
            stringBuffer.append("<p>原因: ").append("IDS能够连接，但是无法从IDS中获取必要的SSO URL参数，请联系IDS管理员确定SSO URL是否正确配置").append("</BR>");
            RequestUtil.outPrintMessage(httpServletResponse, stringBuffer.toString());
        } catch (ClientTransferException e2) {
            handleServerException(httpServletRequest, httpServletResponse, e2, sessionId, bindSSOId);
        } catch (Exception e3) {
            handleServerException(httpServletRequest, httpServletResponse, e3, sessionId, bindSSOId);
        }
    }

    protected String encryStr(String str) {
        return Base64Util.encode(str);
    }

    protected IDSCmdProcessor getIDSCmdProcesser(String str) {
        if (this.idsCmdProcessors == null) {
            return new NullProcessor("not yet init!");
        }
        Object obj = this.idsCmdProcessors.get(str);
        return obj instanceof IDSCmdProcessor ? (IDSCmdProcessor) obj : new NullProcessor("nosuch idscmd: " + str);
    }

    protected VerifyReqInfo getVerifyReqInfo(HttpServletRequest httpServletRequest) {
        VerifyReqInfo verifyReqInfo = new VerifyReqInfo();
        verifyReqInfo.setUserName(httpServletRequest.getParameter(this.userParamOfJustVerify));
        verifyReqInfo.setPassword(httpServletRequest.getParameter(this.pwdParamOfJustVerify));
        verifyReqInfo.setClientIP(RequestUtil.getRemoteAddr(httpServletRequest, this.agent.getOriginalClientIPHttpHeader()));
        return verifyReqInfo;
    }

    protected void handleServerException(HttpServletResponse httpServletResponse, Exception exc) throws IOException {
        httpServletResponse.setContentType("text/html; charset=GBK");
        PrintWriter writer = httpServletResponse.getWriter();
        StringBuffer stringBuffer = new StringBuffer(256);
        stringBuffer.append("<html><head><title>TRS IDS Agent 提示信息</title><body>");
        stringBuffer.append("<p>您已成功登录了协作应用").append(this.agent.getAgentName()).append(", 但是该应用内部发生了错误!");
        stringBuffer.append("错误信息: ").append(exc).append("</br>");
        writer.println(stringBuffer);
        exc.printStackTrace(writer);
        writer.println("</body></html>");
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.agent = AgentFactory.getInstance().initAndStart();
        if (this.agent == null) {
            LOG.error("get agent is null while GeneralSSOFilter init!");
            return;
        }
        ServletContext servletContext = filterConfig.getServletContext();
        servletContext.setAttribute("IDSAgent", this.agent);
        String servletContainerInfo = RequestUtil.getServletContainerInfo(servletContext);
        LOG.info("appServer: " + servletContainerInfo);
        this.agent.setServerInfo(servletContainerInfo);
        if (this.agent.isStarted()) {
            initFilterByAgent(filterConfig.getServletContext());
            LOG.info("encryptAgentName=" + this.encryptAgentName + "; ignoreUrl.prefix=" + this.agent.getIgnoreUrlPrefixes() + ", servletAppActor[" + this.servletAppActor + "]");
        }
        try {
            this.idsAgentAccessHelper = new IdsAgentAccessHelper(this.agent);
        } catch (Throwable th) {
            LOG.error("failed to init idsAgentAccessHelper by agent[" + this.agent + "]", th);
        }
    }

    protected void initIDSCmdProcessors() {
        LogoutProcessor logoutProcessor = new LogoutProcessor(this.agent);
        LoginProcessor loginProcessor = new LoginProcessor(this.agent);
        AddUserProcessor addUserProcessor = new AddUserProcessor(this.agent);
        DelUserProcessor delUserProcessor = new DelUserProcessor(this.agent);
        UpdateUserProcessor updateUserProcessor = new UpdateUserProcessor(this.agent);
        UpdateSSOUrlProcessor updateSSOUrlProcessor = new UpdateSSOUrlProcessor(this.agent);
        PingProcessor pingProcessor = new PingProcessor(this.agent);
        EnableUserProcessor enableUserProcessor = new EnableUserProcessor(this.agent);
        DisableUserProcessor disableUserProcessor = new DisableUserProcessor(this.agent);
        AddGroupProcessor addGroupProcessor = new AddGroupProcessor(this.agent);
        UpdateGroupProcessor updateGroupProcessor = new UpdateGroupProcessor(this.agent);
        DelGroupProcessor delGroupProcessor = new DelGroupProcessor(this.agent);
        MoveToGroupProcessor moveToGroupProcessor = new MoveToGroupProcessor(this.agent);
        RemoveFromGroupProcessor removeFromGroupProcessor = new RemoveFromGroupProcessor(this.agent);
        this.idsCmdProcessors = new HashMap();
        this.idsCmdProcessors.put(logoutProcessor.getIDSCmd(), logoutProcessor);
        this.idsCmdProcessors.put(loginProcessor.getIDSCmd(), loginProcessor);
        this.idsCmdProcessors.put(addUserProcessor.getIDSCmd(), addUserProcessor);
        this.idsCmdProcessors.put(delUserProcessor.getIDSCmd(), delUserProcessor);
        this.idsCmdProcessors.put(updateUserProcessor.getIDSCmd(), updateUserProcessor);
        this.idsCmdProcessors.put(updateSSOUrlProcessor.getIDSCmd(), updateSSOUrlProcessor);
        this.idsCmdProcessors.put(pingProcessor.getIDSCmd(), pingProcessor);
        this.idsCmdProcessors.put(enableUserProcessor.getIDSCmd(), enableUserProcessor);
        this.idsCmdProcessors.put(disableUserProcessor.getIDSCmd(), disableUserProcessor);
        this.idsCmdProcessors.put(addGroupProcessor.getIDSCmd(), addGroupProcessor);
        this.idsCmdProcessors.put(updateGroupProcessor.getIDSCmd(), updateGroupProcessor);
        this.idsCmdProcessors.put(delGroupProcessor.getIDSCmd(), delGroupProcessor);
        this.idsCmdProcessors.put(moveToGroupProcessor.getIDSCmd(), moveToGroupProcessor);
        this.idsCmdProcessors.put(removeFromGroupProcessor.getIDSCmd(), removeFromGroupProcessor);
    }

    protected void showHaltPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Exception exc) {
        if ((exc instanceof ClientTransferException) && ((ClientTransferException) exc).getErrCode() == -102) {
            String buildCoAppUrlNotConnectIds = buildCoAppUrlNotConnectIds(httpServletRequest, exc);
            try {
                httpServletResponse.sendRedirect(buildCoAppUrlNotConnectIds);
                return;
            } catch (Exception e) {
                LOG.error("fail on sendRedirect to coAppUrlNotConnectIds[" + buildCoAppUrlNotConnectIds + "]", e);
            }
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("run error， and forward to halt error page", exc);
        }
        try {
            RequestDispatcher requestDispatcher = httpServletRequest.getRequestDispatcher(ClientConst.DEF_AGENT_ERR_PAGE);
            if (requestDispatcher == null) {
                throw new Exception("the page not exist: /WEB-INF/idsHalt.jsp");
            }
            requestDispatcher.forward(httpServletRequest, httpServletResponse);
        } catch (Exception e2) {
            LOG.warn("fail! use DefaultHaltResponse.", e2);
            try {
                showMessagePage(httpServletResponse, "TRS身份服务器停止运行或网络连接存在故障!");
            } catch (IOException e3) {
                LOG.error("fail on showDefaultHaltPage!", e3);
            }
        }
    }

    protected void showMessagePage(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setContentType("text/html; charset=GBK");
        PrintWriter writer = httpServletResponse.getWriter();
        StringBuffer stringBuffer = new StringBuffer(256);
        stringBuffer.append("<HTML><HEAD><TITLE>TRS身份服务器，" + this.agent.getAgentName() + "应用</TITLE><body>");
        stringBuffer.append(str);
        writer.println(stringBuffer);
        writer.println("</body></html>");
    }
}
