package com.aisec.idas.alice.security.interceptor;

import com.aisec.idas.alice.core.lang.Clazz;
import com.aisec.idas.alice.core.lang.Collections;
import com.aisec.idas.alice.core.lang.Fields;
import com.aisec.idas.alice.core.lang.ServletUtils;
import com.aisec.idas.alice.core.security.AesCryptor;
import com.aisec.idas.alice.os.struts2.util.Struts2Utils;
import com.aisec.idas.alice.security.SecurityConstant;
import com.aisec.idas.alice.security.annotations.SecurityAction;
import com.aisec.idas.alice.security.annotations.SecurityAjaxField;
import com.aisec.idas.alice.security.annotations.SecurityBinding;
import com.aisec.idas.alice.security.annotations.SecurityField;
import com.aisec.idas.alice.security.bean.SecurityBean;
import com.aisec.idas.alice.security.impl.Security;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.MethodFilterInterceptor;
import com.opensymphony.xwork2.interceptor.PreResultListener;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.builder.ReflectionToStringBuilder;
import org.apache.commons.lang.builder.ToStringBuilder;
import org.apache.commons.lang.builder.ToStringStyle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class SecurityInterceptor extends MethodFilterInterceptor {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SecurityInterceptor.class);
    private static final long serialVersionUID = -7114005942161383733L;

    private SecurityBean createPhwSecurityBean(ActionInvocation actionInvocation) {
        SecurityBean securityBean = new SecurityBean();
        HttpServletRequest request = Struts2Utils.getRequest();
        securityBean.setIp(ServletUtils.getRemoteAddr(request));
        StringBuffer requestURL = request.getRequestURL();
        StringBuffer delete = requestURL.delete(requestURL.length() - request.getRequestURI().length(), requestURL.length());
        delete.append("/");
        securityBean.setDomain(delete.toString());
        securityBean.setSecurityContent(Collections.newHashMap());
        securityBean.setStepAction(actionInvocation.getAction().getClass().getSimpleName());
        String parameterAndAttribute = SecurityHelper.getParameterAndAttribute(SecurityConstant.TOKEN_NAME_FIELD, actionInvocation);
        if (StringUtils.isNotEmpty(parameterAndAttribute)) {
            String parameterAndAttribute2 = SecurityHelper.getParameterAndAttribute(createSafeKeyName(parameterAndAttribute), actionInvocation);
            securityBean.setSecurityToken(parameterAndAttribute);
            securityBean.setSecuritySafekey(parameterAndAttribute2);
        }
        String from = ((SecurityAction) actionInvocation.getAction().getClass().getAnnotation(SecurityAction.class)).from();
        if (StringUtils.isNotEmpty(from)) {
            securityBean.setFromAction(from);
        }
        securityBean.setMinituesToLive(r5.minituesToLive());
        if ("202.108.41.130".equals(ServletUtils.getRemoteAddr(request))) {
            log.error(ToStringBuilder.reflectionToString(securityBean));
        }
        return securityBean;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String createSafeKeyName(String str) {
        return new AesCryptor().encrypt(str);
    }

    private void preResult(ActionInvocation actionInvocation, final SecurityBean securityBean) {
        actionInvocation.addPreResultListener(new PreResultListener() { // from class: com.aisec.idas.alice.security.interceptor.SecurityInterceptor.1
            private void processPhwSecurityAjaxField(SecurityBean securityBean2, Field field, ActionInvocation actionInvocation2) {
                if (((SecurityAjaxField) field.getAnnotation(SecurityAjaxField.class)) == null) {
                    return;
                }
                Object fieldValue = Fields.getFieldValue(actionInvocation2.getAction(), field);
                if (fieldValue instanceof Map) {
                    Map map = (Map) fieldValue;
                    map.put(SecurityConstant.TOKEN_NAME_FIELD, securityBean.getSecurityToken());
                    map.put(SecurityConstant.SAFEKEY_NAME_FIELD, securityBean.getSafeKeyName());
                    map.put(SecurityConstant.SAFEKEY_VAL_FIELD, securityBean.getSecuritySafekey());
                }
            }

            private void setSafeKeyToPage(SecurityBean securityBean2, ActionInvocation actionInvocation2) {
                HttpServletRequest httpServletRequest = (HttpServletRequest) actionInvocation2.getInvocationContext().get("com.opensymphony.xwork2.dispatcher.HttpServletRequest");
                String createSafeKeyName = SecurityInterceptor.this.createSafeKeyName(securityBean2.getSecurityToken());
                securityBean2.setSafeKeyName(createSafeKeyName);
                httpServletRequest.setAttribute(SecurityConstant.TOKEN_NAME_FIELD, securityBean2.getSecurityToken());
                httpServletRequest.setAttribute(SecurityConstant.SAFEKEY_NAME_FIELD, createSafeKeyName);
                httpServletRequest.setAttribute(SecurityConstant.SAFEKEY_VAL_FIELD, securityBean2.getSecuritySafekey());
                httpServletRequest.setAttribute(createSafeKeyName, securityBean2.getSecuritySafekey());
                for (Field field : actionInvocation2.getAction().getClass().getDeclaredFields()) {
                    processPhwSecurityAjaxField(securityBean2, field, actionInvocation2);
                }
            }

            public void beforeResult(ActionInvocation actionInvocation2, String str) {
                Class<?> cls = actionInvocation2.getAction().getClass();
                for (Field field : cls.getDeclaredFields()) {
                    SecurityInterceptor.processPhwSecurityField(securityBean, field, actionInvocation2.getAction());
                }
                for (Method method : cls.getMethods()) {
                    SecurityInterceptor.processPhwSecurityBingding(securityBean, method, actionInvocation2.getAction());
                }
                if (SecurityInterceptor.log.isDebugEnabled()) {
                    SecurityInterceptor.log.debug(ReflectionToStringBuilder.toString(securityBean, ToStringStyle.SIMPLE_STYLE));
                }
                Security.putPhwSecurity(securityBean);
                setSafeKeyToPage(securityBean, actionInvocation2);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void processPhwSecurityBingding(SecurityBean securityBean, Method method, Object obj) {
        if (((SecurityBinding) method.getAnnotation(SecurityBinding.class)) != null && method.getReturnType().equals(String.class)) {
            securityBean.setBinding(String.valueOf(Clazz.invokeQuietly(obj, method)));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void processPhwSecurityField(SecurityBean securityBean, Field field, Object obj) {
        SecurityField securityField = (SecurityField) field.getAnnotation(SecurityField.class);
        if (securityField == null) {
            return;
        }
        String alias = securityField.alias();
        securityBean.getSecurityContent().put(StringUtils.isEmpty(alias) ? field.getName() : alias, Fields.getFieldValue(obj, field));
    }

    private static void reflectSetField(SecurityBean securityBean, Object obj) {
        Map securityContent = securityBean.getSecurityContent();
        for (Field field : obj.getClass().getDeclaredFields()) {
            SecurityField securityField = (SecurityField) field.getAnnotation(SecurityField.class);
            if (securityField != null) {
                String alias = securityField.alias();
                String name = StringUtils.isEmpty(alias) ? field.getName() : alias;
                if (securityContent.containsKey(name)) {
                    Fields.setFieldValue(obj, field, securityContent.get(name));
                }
            }
        }
    }

    protected String doIntercept(ActionInvocation actionInvocation) throws Exception {
        if (!SecurityHelper.isPhwSecurityAction(actionInvocation.getAction().getClass())) {
            return actionInvocation.invoke();
        }
        log.debug("-----> {} 存在加密标注,执行安全组件 <-----", actionInvocation.getAction().getClass());
        SecurityBean createPhwSecurityBean = createPhwSecurityBean(actionInvocation);
        if (SecurityHelper.isExistSafeKey(actionInvocation)) {
            log.debug("-----> {} 存在加密token,获取加密信息并反射java对象 <-----", actionInvocation.getAction().getClass());
            Security.getPhwSecurity(createPhwSecurityBean);
            reflectSetField(createPhwSecurityBean, actionInvocation.getAction());
        }
        preResult(actionInvocation, createPhwSecurityBean);
        return actionInvocation.invoke();
    }
}
