package com.supermap.services.security;

import com.supermap.services.rest.HttpException;
import com.supermap.services.rest.resources.SecurityManageResource;
import com.supermap.services.util.ResourceManager;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.jose4j.jwt.JwtClaims;
import org.restlet.data.Status;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/services/security/TokenRequestUtil.class */
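/**
 * Helpers for token-based logins.
 *
 * <p>The class locates the {@code token} value a request carries (query string first,
 * then cookie), checks the bindings recorded for that token (client host, referer,
 * expiry) and finally logs the caller in through {@link ShiroUtil}. Every rejection is
 * reported as the same generic 401 "token invalid" response so that the reason for the
 * rejection is not revealed to the client.
 *
 * <p>All members are static; the only shared state is the read-only message bundle.
 *
 * <p>Note that a token passed in the query string is visible wherever request URLs are
 * recorded (server access logs, proxies, browser history), unlike the cookie form.
 */
public class TokenRequestUtil {
    /** Message bundle supplying the text of the 401 "token invalid" response. */
    private static final ResourceManager MESSAGES = new ResourceManager("resource.securityManageResources");
    /** Name of the query-string parameter and of the cookie that may carry the token. */
    public static final String TOKEN_STR = "token";
    /** Request header compared against {@code TokenInfo.refererURL}. */
    private static final String REFERER_HEADER = "referer";
    public static final double HOLD_TIME = 10.0d;

    private TokenRequestUtil() {
    }

    /**
     * Extracts the raw {@code token=} value from a query string.
     *
     * <p>The query string is split on {@code &}; the first segment that starts with the
     * case-sensitive prefix {@code token=} is used. The value is returned exactly as it
     * appears in the URL, i.e. it is <em>not</em> percent-decoded.
     *
     * @param str the raw query string, may be {@code null}
     * @return the token value (possibly empty), or {@code null} when absent
     */
    public static String getTokenFromQueryString(String str) {
        if (str == null) {
            return null;
        }
        final String prefix = TOKEN_STR + "=";
        for (String segment : StringUtils.split(str, '&')) {
            if (segment.startsWith(prefix)) {
                return segment.substring(prefix.length());
            }
        }
        return null;
    }

    /**
     * Returns the token sent with a request: the query-string value when present,
     * otherwise the value of a cookie named {@code token} (name compared
     * case-insensitively).
     *
     * @param httpServletRequest the incoming request
     * @return the token, or {@code null} if neither source carries one
     */
    public static String getToken(HttpServletRequest httpServletRequest) {
        String token = getTokenFromQueryString(httpServletRequest.getQueryString());
        if (token != null) {
            return token;
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        // Deliberately no early exit: if several cookies are named "token", the last
        // one in the request wins. Kept as-is to preserve existing behaviour.
        for (Cookie cookie : cookies) {
            if (StringUtils.equalsIgnoreCase(cookie.getName(), TOKEN_STR)) {
                token = cookie.getValue();
            }
        }
        return token;
    }

    /**
     * Logs the caller in on the strength of an already-looked-up {@link TokenInfo}.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response the Shiro session is written to
     * @param tokenInfo           the stored token record; {@code null} means the token is unknown
     * @throws HttpException 401 when the record is missing, bound to a different
     *                       host/referer, or expired
     */
    public static void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, TokenInfo tokenInfo) {
        if (tokenInfo == null) {
            throw tokenInvalid();
        }
        bindSubject(httpServletRequest, httpServletResponse, a(httpServletRequest, tokenInfo));
    }

    /**
     * Validates a stored token record against the request and builds the Shiro token
     * for its user.
     *
     * <p>Binding rules: when {@code tokenInfo.ip} is set the request must come from that
     * host; otherwise, when {@code tokenInfo.refererURL} is set, the {@code Referer}
     * header must start with it. The IP binding takes precedence when both are present.
     * Expiry is checked last.
     *
     * @throws HttpException 401 on any failed check
     */
    static UsernamePasswordToken a(HttpServletRequest httpServletRequest, TokenInfo tokenInfo) {
        if (tokenInfo == null) {
            throw tokenInvalid();
        }
        if (StringUtils.isNotEmpty(tokenInfo.ip)) {
            // NOTE(review): getRemoteHost() is the immediate peer's host name when the
            // container resolves addresses, and its address otherwise; it is not taken
            // from any forwarding header. Confirm this matches what token issuance
            // stores in TokenInfo.ip, or the binding will never match behind a proxy.
            if (!tokenInfo.ip.equals(httpServletRequest.getRemoteHost())) {
                throw tokenInvalid();
            }
        } else if (StringUtils.isNotEmpty(tokenInfo.refererURL)) {
            String referer = httpServletRequest.getHeader(REFERER_HEADER);
            // Plain string-prefix match on a client-supplied header: any referer that
            // merely begins with refererURL is accepted, so this is a weak binding
            // (a host name that extends the configured one also passes). Kept as-is;
            // a stricter check would need to compare scheme/host/port explicitly.
            if (StringUtils.isEmpty(referer) || !referer.startsWith(tokenInfo.refererURL)) {
                throw tokenInvalid();
            }
        }
        if (System.currentTimeMillis() > tokenInfo.expirationTimeMillis) {
            throw tokenInvalid();
        }
        return newSubjectToken(httpServletRequest, tokenInfo.userName);
    }

    /**
     * Logs the caller in on the strength of an already-verified set of JWT claims.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response the Shiro session is written to
     * @param jwtClaims           the verified claims; {@code null} means no usable JWT
     * @throws HttpException 401 when the claims are missing or carry no usable
     *                       {@code preferred_username}
     */
    public static void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, JwtClaims jwtClaims) {
        if (jwtClaims == null) {
            throw tokenInvalid();
        }
        bindSubject(httpServletRequest, httpServletResponse, a(httpServletRequest, jwtClaims));
    }

    /**
     * Builds the Shiro token for the user named by the {@code preferred_username} claim.
     *
     * <p>Signature verification is assumed to have happened before this point; this
     * method only reads the claim.
     *
     * @throws HttpException 401 when the claims are {@code null} or the claim is absent,
     *                       empty or not a string
     */
    static UsernamePasswordToken a(HttpServletRequest httpServletRequest, JwtClaims jwtClaims) {
        if (jwtClaims == null) {
            throw tokenInvalid();
        }
        Object claim = jwtClaims.getClaimValue("preferred_username");
        // A JWT without a usable preferred_username cannot name a subject: reject it as
        // an invalid token rather than logging in a null/empty principal (missing claim)
        // or failing with a ClassCastException (non-string claim).
        if (!(claim instanceof String) || StringUtils.isEmpty((String) claim)) {
            throw tokenInvalid();
        }
        return newSubjectToken(httpServletRequest, (String) claim);
    }

    /**
     * Builds the Shiro token used by both login paths: the user name as the principal,
     * the request's token as the credential in the {@code digestrealm} realm, and the
     * permission/role lookup flags every token login uses.
     */
    private static UsernamePasswordToken newSubjectToken(HttpServletRequest httpServletRequest, String userName) {
        return new BuiltInToken(userName)
                .principal(getToken(httpServletRequest), "digestrealm")
                .permission(SecurityConstants.PERMISSION_DENIED_TOKEN_ACCESS_WEBMANAGER)
                .lookupPermission(true)
                .lookupRole(true);
    }

    /**
     * Performs the Shiro login and records the result on the request.
     *
     * <p>The {@code logout} attribute is set to {@code "true"} on every token login;
     * presumably a downstream component reads it to end the session once the request
     * completes — confirm against that component.
     */
    private static void bindSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UsernamePasswordToken usernamePasswordToken) {
        ShiroUtil.login(httpServletRequest, httpServletResponse, usernamePasswordToken);
        httpServletRequest.setAttribute("subject", SecurityUtils.getSubject());
        httpServletRequest.setAttribute("logout", "true");
    }

    /**
     * The single 401 raised for every rejected token. The message is the generic
     * "token invalid" text, so callers cannot tell which check failed.
     */
    private static HttpException tokenInvalid() {
        return new HttpException(Status.CLIENT_ERROR_UNAUTHORIZED,
                MESSAGES.getMessage((ResourceManager) SecurityManageResource.EXTRAINFOFILTER_TOKEN_INVALID, new Object[0]));
    }
}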
