package com.ai.appframe2.web.filter;

import com.ai.appframe2.common.AIConfigManager;
import com.ai.appframe2.common.DBGridInterface;
import com.ai.appframe2.common.SessionManager;
import com.ai.appframe2.complex.cache.CacheFactory;
import com.ai.appframe2.complex.cache.impl.SecAllAccessCacheImpl;
import com.ai.appframe2.complex.center.CenterFactory;
import com.ai.appframe2.complex.mbean.standard.trace.WebTraceMonitor;
import com.ai.appframe2.complex.secframe.ICenterUserInfo;
import com.ai.appframe2.complex.trace.impl.WebTrace;
import com.ai.appframe2.complex.util.RuntimeServerUtil;
import com.ai.appframe2.mongodb.MongoDBConstants;
import com.ai.appframe2.privilege.UserInfoInterface;
import com.ai.appframe2.service.ServiceFactory;
import com.ai.appframe2.web.BaseServer;
import com.ai.appframe2.web.action.BaseAction;
import com.ai.appframe2.web.sso.AuthInfoManager;
import com.ai.secframe.service.sysmgr.interfaces.ISysFunction;
import com.asiainfo.boss.ngcs.base.util.interfaces.IStaticDataNewSV;
import com.asiainfo.boss.ngcs.base.util.ivalues.IBOBsStaticDataValue;
import com.asiainfo.boss.so.exe.service.interfaces.ISysAuditLogSV;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/ai/appframe2/web/filter/LoginFilter.class */
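/**
 * Servlet filter that gates every request of the web application behind the
 * appframe session and URL-privilege checks.
 * <p>
 * Per request it
 * <ol>
 *   <li>binds the user held in the HTTP session (attribute
 *       {@code BaseServer.WBS_USER_ATTR}) into {@link SessionManager},</li>
 *   <li>rejects query strings that trip a keyword blacklist and request URLs
 *       that contain a stray {@code //} (see {@link #checkDoubleSlash}),</li>
 *   <li>asks {@link #judge} whether the caller may reach the URL and renders
 *       a logout redirect / denial page when it may not, and</li>
 *   <li>optionally wraps the downstream chain in a {@link WebTrace}.</li>
 * </ol>
 * Both checks are switched on by configuration
 * ({@code AIConfigManager.ITEM_IS_LOGIN_CHECK_FLAG} and
 * {@code ITEM_IS_URL_CHECK_FLAG}); with the first flag off {@link #judge}
 * lets <em>every</em> request through, so a deployment must verify the flag
 * is {@code Y} before relying on this filter for authentication.
 * <p>
 * The keyword blacklist is a coarse tripwire (defence in depth only). It is
 * easy to evade and does not replace parameterised SQL and output encoding in
 * the actions behind this filter.
 * <p>
 * Static state (the two flags and {@code UNCHECK_URL}) is written in
 * {@link #init}/{@link #destroy} and read on every request without
 * synchronisation; this relies on the container initialising the filter
 * before it serves traffic.
 */
public class LoginFilter implements Filter {
    protected FilterConfig filterConfig;

    /** Session attribute caching the staff's URL access map for the life of the session. */
    private static final String SESSION_ACCESS_URL = "SESSION_ACCESS_URL";
    private static final Log log = LogFactory.getLog(LoginFilter.class);

    /** {@code true} when ITEM_IS_LOGIN_CHECK_FLAG is "Y": anonymous requests must match an UNCHECK_URL entry. */
    private static boolean is_session_check = false;
    /** {@code true} when ITEM_IS_URL_CHECK_FLAG is "Y": logged-in users are checked against their access map. */
    private static boolean is_url_check = false;
    /** URL fragments reachable without a session; loaded from config kind "UNCHECK_URL" in {@link #init}. */
    private static final List UNCHECK_URL = new ArrayList();
    public static Boolean IS_INIT_NEW_URL_FUNCTION_MAP = Boolean.FALSE;

    /** SQL / script keywords; a match alone does not reject, see {@link #looksLikeInjection}. */
    private static final Pattern PATTERN = Pattern.compile("document.cookie|href|script|select |select/|select\\(|select\\*|insert |insert/|insert\\(|insert\\*|update |update/|update\\(|update\\*|delete |delete/|delete\\(|delete\\*|truncate |truncate/|truncate\\(|truncate\\*|exec |exec/|exec\\(|exec\\*|drop |drop/|drop\\(|drop\\*");
    /** Quotes and boolean connectors (flag 1 = CASE_INSENSITIVE). */
    private static final Pattern PATTERN_STR = Pattern.compile("'|\"| and|and |or | or", 1);

    /**
     * Operator id recorded with bypass (unauthenticated access) audit entries.
     * NOTE(review): presumably a system/service account — confirm with the
     * owners of ISysAuditLogSV.
     */
    private static final String BYPASS_LOG_OPERATOR = "193000700414";
    /** Body written (and logged) when a request is rejected by the input checks. */
    private static final String ILLEGAL_INPUT_HTML = "输入的url和参数含有非法或系统不能接受字符</p>";
    /** Message used when {@link #judge} returns a value outside its documented range. */
    private static final String JUDGE_UNEXPECTED_MESSAGE = "不正确的可能值";

    /** {@link #judge} verdicts. */
    private static final int ALLOW = 1;
    private static final int NOT_LOGGED_IN = 0;
    private static final int FORBIDDEN = -1;
    private static final int CHECK_FAILED = -2;

    /**
     * Reads the two feature flags and the UNCHECK_URL list from AIConfigManager.
     * <p>
     * A configuration failure is only logged: depending on where it happens the
     * filter then runs with a check disabled and/or an empty UNCHECK_URL, i.e. it
     * may fail OPEN. Hardened deployments should consider rethrowing as
     * ServletException instead.
     *
     * @param filterConfig container-supplied configuration, retained in {@link #filterConfig}
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        try {
            is_session_check = "Y".equalsIgnoreCase(AIConfigManager.getConfigItem(AIConfigManager.ITEM_IS_LOGIN_CHECK_FLAG));
            is_url_check = "Y".equalsIgnoreCase(AIConfigManager.getConfigItem(AIConfigManager.ITEM_IS_URL_CHECK_FLAG));
            UNCHECK_URL.clear();
            Iterator keys = AIConfigManager.getConfigItemsByKind("UNCHECK_URL").keySet().iterator();
            while (keys.hasNext()) {
                UNCHECK_URL.add((String) keys.next());
            }
        } catch (Exception e) {
            log.error("获得AIConfig数据失败", e);
        }
    }

    /**
     * Runs the per-request checks described on the class and, when they pass,
     * continues the chain.
     *
     * @throws ServletException when the session user cannot be resolved, when
     *         building the access URL or judging it fails, or when {@link #judge}
     *         returns an unknown verdict
     * @throws IOException from the response writer or the downstream chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Bind the request context for this thread. The user is cleared first so
        // a previous request served on the same thread can never leak into an
        // anonymous one.
        SessionManager.setContextName(request.getContextPath());
        SessionManager.setRequest(request);
        SessionManager.setUser(null);

        UserInfoInterface user = bindSessionUser(request);

        // Access URL = request URI relative to the context path, plus the query
        // string when present. This string is what UNCHECK_URL, the access cache
        // and the per-staff access map are matched against.
        String accessUrl;
        String queryString;
        try {
            accessUrl = StringUtils.substringAfter(request.getRequestURI(), request.getContextPath());
            queryString = request.getQueryString();
            if (!StringUtils.isBlank(queryString)) {
                accessUrl = accessUrl + MongoDBConstants.InsertKeys.UNKNOWN + queryString;
            }
        } catch (Exception e) {
            throw new ServletException(e);
        }

        if ((!StringUtils.isBlank(queryString) && looksLikeInjection(queryString)) || checkDoubleSlash(accessUrl)) {
            log.error(ILLEGAL_INPUT_HTML + " url=" + accessUrl);
            response.setContentType(BaseAction.GBK_HTML_CONTENT_TYPE);
            response.getWriter().print(ILLEGAL_INPUT_HTML);
            return;
        }

        int verdict;
        try {
            verdict = judge(request, user, accessUrl);
        } catch (Exception e) {
            throw new ServletException(e);
        }
        if (verdict <= 0) {
            handleDenied(verdict, request, response, user, accessUrl);
            return;
        }

        // Compact P3P policy so IE accepts the session cookie inside frames.
        response.addHeader("P3P", "CP=CAO PSA OUR");
        boolean tracing = beginWebTrace(user, accessUrl);
        try {
            filterChain.doFilter(servletRequest, servletResponse);
        } finally {
            if (tracing) {
                endWebTrace(user);
            }
        }
    }

    public void destroy() {
        this.filterConfig = null;
        UNCHECK_URL.clear();
    }

    /**
     * Decides whether the current caller may reach {@code str}.
     * <p>
     * Rules, in order:
     * <ul>
     *   <li>session checking disabled → {@link #ALLOW} for everyone;</li>
     *   <li>no user: {@link #ALLOW} if {@code str} equals
     *       {@code AuthInfoManager.COOKIE_PATH} or its <em>path part</em> contains an
     *       UNCHECK_URL entry, else {@link #NOT_LOGGED_IN};</li>
     *   <li>URL checking disabled → {@link #ALLOW};</li>
     *   <li>URL not registered in {@code SecAllAccessCacheImpl} → {@link #ALLOW}
     *       (unregistered URLs are open to every logged-in user);</li>
     *   <li>otherwise look up the staff's access map (cached in the session for its
     *       whole life, so privilege changes only take effect after re-login):
     *       {@link #ALLOW} if it contains {@code str}, {@link #FORBIDDEN} if not,
     *       {@link #NOT_LOGGED_IN} if the service returned no map, and
     *       {@link #CHECK_FAILED} if the lookup threw.</li>
     * </ul>
     * Both cache lookups use {@code str} verbatim, i.e. including the query string.
     *
     * @param httpServletRequest current request (its session caches the access map)
     * @param userInfoInterface  the session user, or {@code null} for anonymous callers
     * @param str                access URL as built by {@link #doFilter}
     * @return 1 allow, 0 not logged in, -1 forbidden, -2 permission check failed
     */
    public int judge(HttpServletRequest httpServletRequest, UserInfoInterface userInfoInterface, String str) throws Exception {
        if (!is_session_check) {
            return ALLOW;
        }
        if (userInfoInterface == null) {
            return isUncheckedUrl(str) ? ALLOW : NOT_LOGGED_IN;
        }
        if (!is_url_check) {
            return ALLOW;
        }
        try {
            if (!CacheFactory.containsKey(SecAllAccessCacheImpl.class, str)) {
                return ALLOW;
            }
            HashMap access = (HashMap) httpServletRequest.getSession().getAttribute(SESSION_ACCESS_URL);
            if (access == null) {
                access = ((ISysFunction) ServiceFactory.getService("com.ai.secframe.service.sysmgr.SysFunction")).getStaffAccessByStaffId(userInfoInterface.getID());
                httpServletRequest.getSession().setAttribute(SESSION_ACCESS_URL, access);
            }
            if (access == null) {
                // Preserved from the original: a missing map is reported as "not
                // logged in", which sends the user to the logout page.
                return NOT_LOGGED_IN;
            }
            return access.containsKey(str) ? ALLOW : FORBIDDEN;
        } catch (Throwable th) {
            log.error("判断权限出现错误", th);
            return CHECK_FAILED;
        }
    }

    /**
     * Anonymous-access whitelist check.
     * <p>
     * UNCHECK_URL entries are matched as substrings of the request <em>path</em>
     * only. The query string is deliberately excluded: it is attacker-controlled,
     * and matching it would let {@code /any/protected.jsp?x=/login.jsp} bypass
     * the login check. Entries that contain a query string therefore no longer
     * match and must be reduced to their path.
     * <p>
     * NOTE(review): substring matching on the path is still loose — a path
     * parameter such as {@code /protected.jsp;/login.jsp} would match too.
     * Exact or prefix matching on the container-normalised servlet path would be
     * stricter; left unchanged here because the shape of the configured entries
     * is not visible in this file.
     */
    private static boolean isUncheckedUrl(String accessUrl) {
        if (accessUrl.equalsIgnoreCase(AuthInfoManager.COOKIE_PATH)) {
            return true;
        }
        // The query separator appended in doFilter is assumed to be '?'; a request
        // URI never contains an unencoded '?', so cutting here is safe.
        String path = accessUrl;
        int query = accessUrl.indexOf('?');
        if (query >= 0) {
            path = accessUrl.substring(0, query);
        }
        for (Iterator it = UNCHECK_URL.iterator(); it.hasNext();) {
            if (path.indexOf((String) it.next()) != -1) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the user bound to the HTTP session and publishes it through
     * {@code SessionManager.setUser}. Returns {@code null} for anonymous requests.
     * {@code getSession()} creates a session for every request, as before.
     *
     * @throws ServletException when the user cannot be loaded for the stored serial id
     */
    private static UserInfoInterface bindSessionUser(HttpServletRequest request) throws ServletException {
        String serialId = (String) request.getSession().getAttribute(BaseServer.WBS_USER_ATTR);
        if (StringUtils.isBlank(serialId)) {
            return null;
        }
        IStaticDataNewSV staticDataSv = (IStaticDataNewSV) ServiceFactory.getService(IStaticDataNewSV.class);
        try {
            UserInfoInterface user = BaseServer.getCurUser(request);
            // When the NGKF_CHANNEL_TYPE static data is missing the channel type
            // defaults to "e"; the meaning of that code is not visible here.
            IBOBsStaticDataValue[] channelTypes = staticDataSv.getStaticDataFromCache("NGKF_CHANNEL_TYPE");
            if (channelTypes == null || channelTypes.length == 0) {
                user.set("CHANNEL_TYPE", "e");
            }
            SessionManager.setUser(user);
            return user;
        } catch (Exception e) {
            log.error("根据serialID获取用户UserInfo信息出错.serialID=" + serialId, e);
            throw new ServletException(e);
        }
    }

    /**
     * Keyword-blacklist tripwire over the raw query string. Rejects only when a
     * keyword from {@link #PATTERN} AND a quote/connector from {@link #PATTERN_STR}
     * both occur in the percent-decoded, lower-cased text.
     * <p>
     * Limits a practitioner should know: the text is decoded exactly once (double
     * encoding is not unwrapped), the keyword list is ad hoc, and it is trivially
     * evaded. Treat it as logging-grade detection, not as input validation.
     * Malformed percent-escapes are rejected (fail closed) instead of escaping as
     * an uncaught IllegalArgumentException.
     */
    private static boolean looksLikeInjection(String queryString) {
        String decoded;
        try {
            decoded = URLDecoder.decode(queryString.toLowerCase(Locale.ROOT), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 must be supported by the JVM", e);
        } catch (IllegalArgumentException e) {
            log.warn("Malformed percent-encoding in query string; rejecting request", e);
            return true;
        }
        return PATTERN.matcher(decoded).find() && PATTERN_STR.matcher(decoded).find();
    }

    /**
     * Writes the response for a non-positive {@link #judge} verdict.
     * <ul>
     *   <li>{@link #NOT_LOGGED_IN}: AJAX callers ({@code url_source=XMLHTTP}) get
     *       {@code WBS_LOGINOUT_FLAG}; everyone else is forwarded to the logout page
     *       after the attempt is written to the bypass audit log (best effort).</li>
     *   <li>{@link #FORBIDDEN}: logged in, URL not in the access map — denial page.</li>
     *   <li>{@link #CHECK_FAILED}: the permission lookup threw — error page.</li>
     * </ul>
     * Every value echoed into the page is HTML-escaped: {@code accessUrl} carries
     * the raw request URI and query string, so echoing it verbatim was a
     * reflected-XSS sink.
     *
     * @throws ServletException for any other verdict, or from the forward
     */
    private static void handleDenied(int verdict, HttpServletRequest request, HttpServletResponse response,
            UserInfoInterface user, String accessUrl) throws IOException, ServletException {
        if (verdict == NOT_LOGGED_IN) {
            if (log.isDebugEnabled()) {
                log.debug("j=0,url:" + accessUrl);
            }
            if ("XMLHTTP".equalsIgnoreCase(request.getParameter("url_source"))) {
                response.getWriter().write(BaseServer.WBS_LOGINOUT_FLAG);
                return;
            }
            try {
                String ipAddr = BaseServer.getIpAddr(request);
                log.warn("记录" + ipAddr + "非法访问URL" + request.getRequestURL());
                CenterFactory.setCenterInfoByTypeAndValue("RegionId", "A");
                ((ISysAuditLogSV) ServiceFactory.getService(ISysAuditLogSV.class)).saveBypassLog(accessUrl, ipAddr, BYPASS_LOG_OPERATOR);
            } catch (Exception e) {
                // Audit logging must neither open the door nor turn into a 500.
                log.error("Failed to write bypass audit log for url=" + accessUrl, e);
            }
            request.getRequestDispatcher(BaseServer.getLogoutHTML()).forward(request, response);
            return;
        }
        String page;
        if (verdict == FORBIDDEN) {
            page = renderDenialPage(user, accessUrl, "操作了不属于你的权限的链接地址:", "现在已经记录在案!");
        } else if (verdict == CHECK_FAILED) {
            page = renderDenialPage(user, accessUrl, "操作的链接地址:", "权限判断出现错误,现在不允许操作!");
        } else {
            throw new ServletException(JUDGE_UNEXPECTED_MESSAGE);
        }
        log.error(page);
        response.setContentType(BaseAction.GBK_HTML_CONTENT_TYPE);
        response.getWriter().print(page);
    }

    /** Builds the denial/error page; all dynamic values pass through {@link #escapeHtml}. */
    private static String renderDenialPage(UserInfoInterface user, String accessUrl, String urlLabel, String verdictLine) {
        StringBuilder page = new StringBuilder();
        page.append("<p>你的IP:<font color=\"#FF0000\"><b>").append(escapeHtml(user.getIP())).append("</b></font></p>");
        page.append("<p>工号:<font color=\"#FF0000\"><b>").append(escapeHtml(user.getCode())).append("</b></font></p>");
        page.append("<p>归属组织:<font color=\"#FF0000\"><b>").append(escapeHtml(user.getOrgName())).append("</b></font></p>");
        page.append("<p>于:<font color=\"#FF0000\"><b>").append(escapeHtml(new Date())).append("</b></font></p>");
        page.append("<p>").append(urlLabel).append("<font color=\"#FF0000\"><b>").append(escapeHtml(accessUrl)).append("</b></font></p>");
        page.append("<p><font color=\"#FF0000\"><b>").append(verdictLine).append("</b></font></p>");
        return page.toString();
    }

    /**
     * Minimal HTML text escaping for values echoed into the denial pages.
     * {@code null} renders as "null", matching the previous string concatenation.
     */
    private static String escapeHtml(Object value) {
        String text = String.valueOf(value);
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Attaches a {@link WebTrace} to the user when global tracing is enabled, the
     * user's code equals the monitored code, and the URL is not under {@code /misc}.
     * Returns whether a trace was attached (so the caller knows to detach it).
     * <p>
     * Selection logic is preserved exactly from the decompiled original.
     * NOTE(review): it traces when the monitored URL does NOT contain the access
     * URL and only applies the client-IP filter when it does, which looks
     * inverted — confirm against the original source before changing.
     */
    private static boolean beginWebTrace(UserInfoInterface user, String accessUrl) {
        if (!WebTraceMonitor.isEnableGlobalTrace() || user == null || user.getCode() == null
                || !user.getCode().equals(WebTraceMonitor._getCode())
                || accessUrl == null || accessUrl.indexOf("/misc") != -1) {
            return false;
        }
        String monitoredUrl = WebTraceMonitor._getUrl();
        boolean urlMatches = monitoredUrl == null || monitoredUrl.indexOf(accessUrl) != -1;
        String monitoredClientIp = WebTraceMonitor._getClientIp();
        String userIp = user.getIP();
        boolean selected;
        if (!urlMatches || monitoredClientIp == null || userIp == null) {
            selected = true;
        } else {
            selected = monitoredClientIp.indexOf(userIp) != -1;
        }
        if (!selected) {
            return false;
        }
        WebTrace webTrace = new WebTrace();
        webTrace.setCreateTime(System.currentTimeMillis());
        webTrace.setUrl(accessUrl);
        webTrace.setServerIp(RuntimeServerUtil.getServerIP());
        webTrace.setServerName(RuntimeServerUtil.getServerName());
        if (userIp != null) {
            webTrace.setClientIp(userIp);
        }
        if (user.getCode() != null) {
            webTrace.setCode(user.getCode());
        }
        if (user instanceof ICenterUserInfo) {
            ((ICenterUserInfo) user).setTrace(true);
            ((ICenterUserInfo) user).setWebTrace(webTrace);
        }
        return true;
    }

    /** Detaches the trace set by {@link #beginWebTrace} and disables global tracing once it has timed out. */
    private static void endWebTrace(UserInfoInterface user) {
        if (user instanceof ICenterUserInfo) {
            ((ICenterUserInfo) user).setTrace(false);
            ((ICenterUserInfo) user).setWebTrace(null);
        }
        if (WebTraceMonitor.isTimeOut()) {
            WebTraceMonitor.disableGlobalTrace();
        }
    }

    /**
     * Flags a URL that still contains {@code //} after the literal {@code http://}
     * prefix has been replaced with {@code DBGridInterface.DBGRID_DSDefaultDisplayValue}.
     * Presumably guards against path-normalisation tricks; the exact intent is not
     * visible here. Null input throws NPE, as before.
     */
    private boolean checkDoubleSlash(String str) {
        if (str.indexOf("//") == -1) {
            return false;
        }
        return StringUtils.replace(str, "http://", DBGridInterface.DBGRID_DSDefaultDisplayValue).indexOf("//") > -1;
    }
}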
