package com.supermap.server.host.webapp.handlers;

import com.supermap.server.config.ComponentSetting;
import com.supermap.server.config.ComponentSettingSet;
import com.supermap.server.config.Config;
import com.supermap.server.config.SecuritySetting;
import com.supermap.server.config.ServerConfiguration;
import com.supermap.services.InterfaceContext;
import com.supermap.services.cluster.MonitorFactory;
import com.supermap.services.cluster.api.ClusterMembersListener;
import com.supermap.services.components.commontypes.AuthorizeSetting;
import com.supermap.services.components.commontypes.Member;
import com.supermap.services.components.commontypes.ServiceInfo;
import com.supermap.services.rest.HttpException;
import com.supermap.services.rest.HttpExceptionMapper;
import com.supermap.services.rest.IllegalArgumentExceptionMapper;
import com.supermap.services.rest.IllegalStateExceptionMapper;
import com.supermap.services.rest.JaxrsApplication;
import com.supermap.services.rest.JaxrsServletForJersey;
import com.supermap.services.rest.ScNotModifiedExceptionMapper;
import com.supermap.services.rest.Template;
import com.supermap.services.rest.UnauthorizedResult;
import com.supermap.services.rest.decoders.JsonDecoder;
import com.supermap.services.rest.encoders.JsonEncoder;
import com.supermap.services.rest.encoders.JsonpEncoder;
import com.supermap.services.rest.encoders.RJsonEncoder;
import com.supermap.services.rest.encoders.TemplateEncoder;
import com.supermap.services.rest.encoders.XMLEncoder;
import com.supermap.services.rest.resources.JaxrsResourceBase;
import com.supermap.services.rest.resources.SecurityManageResource;
import com.supermap.services.rest.resources.impl.JaxrsStaticResource;
import com.supermap.services.rest.util.HttpUtil;
import com.supermap.services.security.BuiltInToken;
import com.supermap.services.security.CasRealm;
import com.supermap.services.security.ClientIdentifyType;
import com.supermap.services.security.ExtendedOAuthManager;
import com.supermap.services.security.ExtendedUserStorage;
import com.supermap.services.security.ExtraInfoFilter;
import com.supermap.services.security.GenerateTokenPostParameter;
import com.supermap.services.security.JwtUtil;
import com.supermap.services.security.KeycloakConfig;
import com.supermap.services.security.Manager;
import com.supermap.services.security.MyShiroFilter;
import com.supermap.services.security.PermissionDAOs;
import com.supermap.services.security.SecurityConstants;
import com.supermap.services.security.SecurityInfoDAO;
import com.supermap.services.security.SecurityServerConfiguration;
import com.supermap.services.security.SecurityUtility;
import com.supermap.services.security.ServiceBeanPermission;
import com.supermap.services.security.ServiceBeanPermissionDAO;
import com.supermap.services.security.ShiroEnvironmentLoaderListener;
import com.supermap.services.security.ShiroUtil;
import com.supermap.services.security.SystemPermissionDAO;
import com.supermap.services.security.TokenInfo;
import com.supermap.services.security.TokenRequestUtil;
import com.supermap.services.security.TokenUtil;
import com.supermap.services.security.User;
import com.supermap.services.security.UserAuthenticateFailedCounter;
import com.supermap.services.security.UsernamePasswordRealm;
import com.supermap.services.security.UsernamePasswordRealmListener;
import com.supermap.services.util.AESCipher;
import com.supermap.services.util.LogUtil;
import com.supermap.services.util.ProductTypeUtil;
import com.supermap.services.util.ResourceManager;
import com.supermap.services.util.SecurityContext;
import com.supermap.services.util.Tool;
import io.buji.pac4j.filter.CallbackFilter;
import java.io.File;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.HEAD;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.apache.shiro.web.subject.WebSubject;
import org.apache.shiro.web.util.WebUtils;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.slf4j.cal10n.LocLogger;
import org.springframework.boot.autoconfigure.thymeleaf.ThymeleafProperties;
import org.springframework.context.support.ClassPathXmlApplicationContext;

/* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/server/host/webapp/handlers/SecurityHandler.class */
public class SecurityHandler extends AbstractHandler {
    // Servlet behind "<baseuri>/security" (see processSecurityServiceRequest); created and initialised in init().
    private SecurityJaxrsServletForJersey a;
    // Request attribute that, on iPortal, supplies the entity of the 401 response built by PermissionDeniedResource.
    private static final String b = "iportal_unauthorise_result";
    // Request attribute holding an extra Map that PermissionDeniedResource merges into its template variables.
    private static final String c = "iportal_unauthorise_result_customVariables";
    // Request attribute under which handle() stores an HttpException cause so PermissionDeniedResource can rethrow it.
    private static final String d = "does_not_exist_error";
    // Classpath resource that b() loads as a Spring XML context to find ExtendedUserStorage beans.
    private static final String e = "security/extendedUserStorageConfig.xml";
    // Captures the value of a "_clusteruser" parameter; its use is outside this part of the file.
    private static final Pattern f = Pattern.compile(".*&?_clusteruser=([^&]*).*");
    // Message bundle "resource.securityManageResources", also used for the localized logger below.
    private static ResourceManager g = new ResourceManager("resource.securityManageResources");
    private static LocLogger h = LogUtil.getLocLogger(SecurityHandler.class, g);
    // Shiro filter that doAuthenticateAndAuthorizate runs for each request it enforces.
    private MyShiroFilter i;
    // Loader that init() queries for the security manager, DAOs, realms and the callback filter.
    private ShiroEnvironmentLoaderListener j;
    // Cached Manager.isSecurityEnabled(); kept current by a listener and forced to false when init() fails.
    private boolean k;
    // Result of isAdminSecurityEnabledOrNot(), assigned in init().
    private boolean l;
    // Manager singleton, assigned in init().
    private Manager m;
    // Security manager obtained from the loader; its remember-me cipher key is set in init().
    private DefaultWebSecurityManager n;
    public static final String LOGOUTURI = "/logout";
    // TokenUtil singleton; its token key is refreshed by d().
    private TokenUtil o;
    // Servlet running PermissionDeniedApplication; handle() forwards to it after a ServletException.
    private JaxrsServletForJersey p;
    // ServerConfiguration read from the servlet context before init() replaces that attribute with a wrapper.
    private ServerConfiguration q;
    // Cluster service token most recently passed to q.updateServiceToken(); null until one is produced.
    private String r;
    // Both DAOs are looked up under the loader name "securityInfoDao" in init().
    private ServiceBeanPermissionDAO s;
    private SecurityInfoDAO t;
    // Config taken from the servlet context in init(); may be null.
    private Config u;
    // Claim name; its use is outside this part of the file.
    private static final String v = "preferred_username";

    /* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/server/host/webapp/handlers/SecurityHandler$DefaultInterfaceContext.class */
    /**
     * Minimal {@link InterfaceContext} that exposes no components and at most one
     * configuration object, a {@link TokenUtil}.
     */
    static class DefaultInterfaceContext implements InterfaceContext {
        // The only object getConfig can return; may be null.
        private TokenUtil a;

        /**
         * @param tokenUtil the TokenUtil to hand out from {@link #getConfig(Class)}, or null
         */
        public DefaultInterfaceContext(TokenUtil tokenUtil) {
            this.a = tokenUtil;
        }

        /** Always returns an empty list: this context carries no components. */
        @Override // com.supermap.services.InterfaceContext
        public <T> List<T> getComponents(Class<T> cls) {
            return Collections.<T>emptyList();
        }

        /**
         * Returns the stored TokenUtil when exactly {@code TokenUtil.class} is requested.
         *
         * @param cls the requested configuration type
         * @return the TokenUtil, or null when none is stored or another type is requested
         * @throws IllegalArgumentException if {@code cls} is null
         */
        @Override // com.supermap.services.InterfaceContext
        public <T> T getConfig(Class<T> cls) {
            if (cls == null) {
                throw new IllegalArgumentException("配置类型参数不能为空。");
            }
            // Identity comparison on purpose: subclasses and supertypes of TokenUtil get null.
            boolean available = this.a != null && cls == TokenUtil.class;
            return available ? cls.cast(this.a) : null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/server/host/webapp/handlers/SecurityHandler$DoNothingFilterChain.class */
    /**
     * Terminal {@link FilterChain} used as a probe: it forwards nothing and only records
     * whether the filter in front of it let the request through, plus the Shiro subject
     * that was current at that moment.
     */
    public static class DoNothingFilterChain implements FilterChain {
        // True once doFilter has been called, i.e. the preceding filter passed the request on.
        private boolean a;
        // Subject captured inside doFilter; read by SecurityHandler after the filter returns.
        private Subject b;

        DoNothingFilterChain() {
        }

        /** Marks the chain as reached and captures the current subject; the request goes no further. */
        @Override // javax.servlet.FilterChain
        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
            a = true;
            b = SecurityUtils.getSubject();
        }

        /** @return true if {@link #doFilter} was invoked on this chain */
        public boolean doFilterExecuted() {
            return a;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/server/host/webapp/handlers/SecurityHandler$PermissionDeniedApplication.class */
    /**
     * JAX-RS application that serves only the permission-denied resource together with the
     * encoders, decoder and exception mappers needed to render its response.
     */
    public static class PermissionDeniedApplication extends JaxrsApplication {

        /**
         * JSON encoder that declares itself able to write every entity type and media type,
         * so a response entity always finds a writer.
         */
        @Produces({"*/*"})
        @Provider
        /* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/server/host/webapp/handlers/SecurityHandler$PermissionDeniedApplication$UndefineObjectCatcher.class */
        public static class UndefineObjectCatcher extends JsonEncoder {
            /** @return always true, regardless of type or media type */
            @Override // com.supermap.services.rest.encoders.JsonEncoder, javax.ws.rs.ext.MessageBodyWriter
            public boolean isWriteable(Class cls, Type type, Annotation[] annotationArr, MediaType mediaType) {
                return true;
            }
        }

        /** @param servletConfig servlet configuration passed to {@link JaxrsApplication} */
        public PermissionDeniedApplication(@Context ServletConfig servletConfig) {
            super(servletConfig);
        }

        /**
         * @return the fixed set of resource and provider classes this application registers
         */
        @Override // com.supermap.services.rest.JaxrsApplication
        protected Set<Class<?>> loadClassByComponents() {
            Set<Class<?>> registered = new HashSet<>();
            Collections.<Class<?>>addAll(
                    registered,
                    // resources
                    PermissionDeniedResource.class,
                    JaxrsStaticResource.class,
                    // encoders and decoder
                    TemplateEncoder.class,
                    JsonEncoder.class,
                    RJsonEncoder.class,
                    XMLEncoder.class,
                    JsonpEncoder.class,
                    JsonDecoder.class,
                    UndefineObjectCatcher.class,
                    // exception mappers
                    IllegalArgumentExceptionMapper.class,
                    IllegalStateExceptionMapper.class,
                    HttpExceptionMapper.class,
                    ScNotModifiedExceptionMapper.class);
            return registered;
        }
    }

    /**
     * Resource that answers every supported HTTP method, at any path depth, with the same
     * 401 response (or rethrows an HttpException that the handler parked on the request).
     */
    @Path("/")
    /* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/server/host/webapp/handlers/SecurityHandler$PermissionDeniedResource.class */
    public static class PermissionDeniedResource extends JaxrsResourceBase {
        // Current request; only its attributes and context path are read.
        private HttpServletRequest a;

        public PermissionDeniedResource(@Context HttpServletRequest httpServletRequest) {
            this.a = httpServletRequest;
        }

        @GET
        @Template(name = "error.ftl")
        public Response get() {
            return createPermissionDeniedResponse();
        }

        @HEAD
        @Template(name = "error.ftl")
        public Response head() {
            return createPermissionDeniedResponse();
        }

        @POST
        @Template(name = "error.ftl")
        public Response post() {
            return createPermissionDeniedResponse();
        }

        @PUT
        @Template(name = "error.ftl")
        public Response put() {
            return createPermissionDeniedResponse();
        }

        @Template(name = "error.ftl")
        @DELETE
        public Response delete() {
            return createPermissionDeniedResponse();
        }

        /** Sub-resource locator: any further path segment resolves to this same resource. */
        @Path("{name}")
        public PermissionDeniedResource handle() {
            return this;
        }

        /**
         * Builds the response for a rejected request.
         *
         * @return a 401 response whose entity is the iPortal-specific result when that request
         *         attribute is present on iPortal, otherwise a generic UnauthorizedResult
         * @throws HttpException the exception stored under the "does_not_exist_error" request
         *         attribute, when there is one
         */
        public Response createPermissionDeniedResponse() {
            Object parkedError = this.a.getAttribute(SecurityHandler.d);
            if (parkedError instanceof HttpException) {
                throw (HttpException) parkedError;
            }
            if (ProductTypeUtil.ProductType.iPortal.equals(ProductTypeUtil.getProductType())) {
                Object portalResult = this.a.getAttribute(SecurityHandler.b);
                if (portalResult != null) {
                    return a(portalResult);
                }
            }
            UnauthorizedResult fallback = new UnauthorizedResult();
            fallback.contextPath = this.a.getContextPath();
            fallback.errorMsg = SecurityHandler.g.getMessage((ResourceManager) SecurityManageResource.UNAUTHORIZED_EXCEPTION, new Object[0]);
            return a(fallback);
        }

        /**
         * @return the inherited template variables plus the entries of the Map stored under
         *         the "iportal_unauthorise_result_customVariables" request attribute, if any
         */
        @Override // com.supermap.services.rest.resources.JaxrsResourceBase, com.supermap.services.rest.encoders.TemplateEnabledResource
        public Map<String, Object> getCustomVariables() {
            Map<String, Object> variables = super.getCustomVariables();
            Object extra = this.a.getAttribute(SecurityHandler.c);
            if (extra == null) {
                return variables;
            }
            // NOTE(review): unchecked raw cast; a non-Map attribute value throws ClassCastException
            // while the 401 page is rendered. Whoever sets this attribute is outside this excerpt.
            variables.putAll((Map) extra);
            return variables;
        }

        /** Wraps {@code obj} as the entity of an HTTP 401 response. */
        private static Response a(Object obj) {
            return Response.status(401).entity(obj).build();
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/iserver-all-10.0.1-18030-10.0.1-SNAPSHOT.jar:com/supermap/server/host/webapp/handlers/SecurityHandler$UpdateServiceTokenListener.class */
    /**
     * Listener registered while no admin account exists; once one is created it generates
     * the cluster service token and publishes it to the server configuration.
     */
    public class UpdateServiceTokenListener implements Manager.CreateAdminUserListener {
        public UpdateServiceTokenListener() {
        }

        /** Generates and publishes the service token, provided the manager confirms an admin exists. */
        @Override // com.supermap.services.security.Manager.CreateAdminUserListener
        public void adminUserCreated() {
            Manager manager = SecurityHandler.this.m;
            if (manager != null && manager.isAdminExistsOrNot()) {
                String token = SecurityHandler.this.c();
                SecurityHandler.this.r = token;
                SecurityHandler.this.q.updateServiceToken(token);
            }
        }
    }

    /**
     * Creates the handler and hands {@code list} to the {@link AbstractHandler} constructor.
     * Both enforcement flags start as true; init() later replaces them with the configured values.
     *
     * @param list handlers passed through to the superclass
     */
    public SecurityHandler(List<AbstractHandler> list) {
        super(list);
        i = new MyShiroFilter();
        j = new ShiroEnvironmentLoaderListener();
        // Enforce by default until init() has read the real settings.
        k = true;
        l = true;
        o = TokenUtil.getInstance();
        p = new JaxrsServletForJersey();
        // No service token yet.
        r = null;
    }

    /**
     * Creates the handler with the same defaults as the list constructor: both enforcement
     * flags true and no service token.
     */
    public SecurityHandler() {
        i = new MyShiroFilter();
        j = new ShiroEnvironmentLoaderListener();
        // Enforce by default until init() has read the real settings.
        k = true;
        l = true;
        o = TokenUtil.getInstance();
        p = new JaxrsServletForJersey();
        // No service token yet.
        r = null;
    }

    /**
     * Bootstraps the security layer for the web application: loads the Shiro environment,
     * builds the {@link Manager}, wires DAOs, realms and listeners into the servlet context,
     * initialises the security and permission-denied servlets, and sets up the cluster
     * service token. Returns right after the cluster check when the handler is
     * cluster-controllable.
     *
     * <p>Every exception raised after that point is caught at the end of the method; see the
     * review note on the catch block.
     *
     * @param filterConfig filter configuration giving access to the servlet context
     */
    @Override // com.supermap.server.host.webapp.handlers.AbstractHandler
    public void init(FilterConfig filterConfig) {
        Object attribute = filterConfig.getServletContext().getAttribute(Tool.ISERVER_CONFIG);
        // config stays null when the servlet context holds no Config under Tool.ISERVER_CONFIG.
        Config config = attribute instanceof Config ? (Config) attribute : null;
        this.u = config;
        initClusterControllableEvn(config);
        if (isClusterControllable()) {
            return;
        }
        this.q = (ServerConfiguration) filterConfig.getServletContext().getAttribute("com.supermap.server.ServerConfiguration");
        try {
            File shiroIniFile = ShiroUtil.getShiroIniFile(null);
            File file = shiroIniFile;
            // An existing ini file is rewritten in two steps; shiroIniFile keeps the first
            // result and file the second.
            if (shiroIniFile.exists()) {
                shiroIniFile = ShiroIniUtil.removeShiroUrlsIfExists(shiroIniFile);
                file = ShiroIniUtil.convertIfNotCurrentVersion(shiroIniFile);
            }
            this.j.contextInitialized(filterConfig.getServletContext());
            // The same loader entry is fetched under three different interfaces in this method.
            this.t = (SecurityInfoDAO) this.j.getObject("securityInfoDao", SecurityInfoDAO.class);
            this.s = (ServiceBeanPermissionDAO) this.j.getObject("securityInfoDao", ServiceBeanPermissionDAO.class);
            SecuritySetting securitySetting = getServer().getConfig().getSecuritySetting();
            UserAuthenticateFailedCounter.setSetting(securitySetting.passwordProtectedSetting.getUserPasswordErrorCounterSetting());
            // NOTE(review): securitySetting2 is null when config is null, and the next statement
            // dereferences it; the NullPointerException ends up in the catch block below.
            SecuritySetting securitySetting2 = config != null ? config.getSecuritySetting() : null;
            this.n = this.j.getSecurityManager();
            // The remember-me cipher key is derived from the configured tokenKey.
            setRemoberMeManagerCipherKey(this.n, securitySetting2.tokenKey);
            Manager manager = new Manager(shiroIniFile, securitySetting2, this.n);
            manager.setBeanPermissionDAO(this.s);
            manager.setSecurityInfoDAO(this.t);
            manager.reloadStorage();
            this.t.setFormPasswordSavedCount(securitySetting.passwordProtectedSetting.getPasswordDiffCount());
            SecurityInfoImporter.importFromIni(file, this.t, this.s);
            manager.reload(false);
            Manager.setInstance(manager);
            this.q.addListener(new UpdateServiceBeanAuthorisationListener(this.q, this.s));
            // Publish the unwrapped configuration under its own attribute before the standard
            // attribute is replaced by the SecurityServerConfiguration wrapper further down.
            filterConfig.getServletContext().setAttribute(AbstractHandler.SERVER_CONFIGURATION_NO_SECURITY, this.q);
            this.i.init(filterConfig);
            ShiroUtil.setShiroSecurityManager(this.i.getSecurityManager());
            NotifyPermissionDAOListener notifyPermissionDAOListener = new NotifyPermissionDAOListener();
            DefaultSecurityEnviroment defaultSecurityEnviroment = new DefaultSecurityEnviroment((PermissionDAOs) this.j.getObject("permissionDAOs", PermissionDAOs.class));
            UsernamePasswordRealm usernamePasswordRealm = (UsernamePasswordRealm) this.j.getObject(SecurityConstants.USERNAME_PW_REALM, UsernamePasswordRealm.class);
            // Optional extra user stores come from the classpath XML loaded by b().
            usernamePasswordRealm.setExtendedUserStorage(b());
            defaultSecurityEnviroment.setUsernamePasswordRealm(usernamePasswordRealm);
            defaultSecurityEnviroment.setSecurityInfoDao(this.t);
            defaultSecurityEnviroment.setNotifyPermissionDAOListener(notifyPermissionDAOListener);
            defaultSecurityEnviroment.addPermissionDAO(this.s);
            defaultSecurityEnviroment.addPermissionDAO(new SystemPermissionDAO());
            // Every loader object other than the SecurityInfoDAO that implements
            // UsernamePasswordRealmListener is registered as a realm listener.
            for (Object obj : this.j.getObjects().values()) {
                if (!obj.equals(this.t)) {
                    if (obj instanceof UsernamePasswordRealmListener) {
                        defaultSecurityEnviroment.addUsernamePasswordRealmListener((UsernamePasswordRealmListener) obj);
                    }
                }
            }
            manager.setExtendedUserStore((UsernamePasswordRealmListener) this.j.getObject("securityInfoDao", UsernamePasswordRealmListener.class));
            defaultSecurityEnviroment.addUsernamePasswordRealmListener(manager);
            SecurityUtility.setSecurityEnviroment(filterConfig.getServletContext(), defaultSecurityEnviroment);
            SecurityUtility.setSecurityInfoDAO(filterConfig.getServletContext(), this.t);
            ExtendedOAuthManager.setInstance(new ExtendedOAuthManager());
            this.m = Manager.getInstance();
            this.m.setCallbackFilter((CallbackFilter) this.j.getObject("callbackFilter", CallbackFilter.class));
            // From here on the standard servlet-context attribute resolves to the wrapper.
            SecurityServerConfiguration securityServerConfiguration = new SecurityServerConfiguration(this.q);
            filterConfig.getServletContext().setAttribute("com.supermap.server.ServerConfiguration", securityServerConfiguration);
            securityServerConfiguration.onEnabledModified(this.m.isSecurityEnabled());
            this.m.setServerConfiguration(this.q);
            this.m.addSecurityEnabledListener(securityServerConfiguration);
            this.k = this.m.isSecurityEnabled();
            this.l = isAdminSecurityEnabledOrNot();
            // Keep the cached enforcement flag in step with later changes of the setting.
            this.m.addSecurityEnabledListener(z -> {
                this.k = z;
            });
            // The security servlet already exists: skip servlet, token and cluster setup.
            if (this.a != null) {
                return;
            }
            this.a = new SecurityJaxrsServletForJersey();
            try {
                this.a.init(getServletConfig(filterConfig));
                this.p.init(getServletConfig(filterConfig));
                this.p.setJaxrsApplicationClass(PermissionDeniedApplication.class);
            } catch (ServletException e2) {
                // A servlet init failure is only logged; the rest of init() still runs.
                h.warn(e2.getMessage(), e2);
            }
            d();
            this.a.setInterfaceContext(new DefaultInterfaceContext(this.o));
            // Service token: generated now if an admin account exists, otherwise deferred
            // until the manager reports that one was created.
            if (this.m.isAdminExistsOrNot()) {
                this.r = c();
                this.q.updateServiceToken(this.r);
            } else {
                this.m.addCreateAdminUserListener(new UpdateServiceTokenListener());
            }
            ClusterMembersListener clusterMembersListener = new ClusterMembersListener() { // from class: com.supermap.server.host.webapp.handlers.SecurityHandler.1
                @Override // com.supermap.services.cluster.api.ClusterMembersListener
                public void updateMember(Member member, Member member2) {
                    addMember(member2);
                }

                @Override // com.supermap.services.cluster.api.ClusterMembersListener
                public void deleteMember(Member member) {
                }

                @Override // com.supermap.services.cluster.api.ClusterMembersListener
                public void addMember(Member member) {
                    if (ArrayUtils.isEmpty(member.services)) {
                        return;
                    }
                    for (ServiceInfo serviceInfo : member.services) {
                        // Instance name = service name after its first '_' (code point 95),
                        // with '^' mapped to '/'.
                        String replace = serviceInfo.name.substring(serviceInfo.name.indexOf(95) + 1).replace('^', '/');
                        // NOTE(review): instances reported by a cluster member that have no
                        // authorisation entry get a default AuthorizeSetting; what that default
                        // permits is not visible here, so confirm it is not open access.
                        if (SecurityHandler.this.m.getInstanceAuthorisation(replace) == null) {
                            SecurityHandler.this.m.updateInstanceAuthorisation(replace, new AuthorizeSetting());
                        }
                    }
                }
            };
            if (MonitorFactory.getInstance() != null) {
                MonitorFactory.getInstance().addClusterMembersListener(clusterMembersListener);
                // Apply the listener to the members that are already known.
                Iterator<Member> it = MonitorFactory.getInstance().getMembers().iterator();
                while (it.hasNext()) {
                    clusterMembersListener.addMember(it.next());
                }
            }
            this.m.setLoginUriEnvParam();
        } catch (Exception e3) {
            // NOTE(review): initialisation fails open. Any exception above is logged (stack
            // trace at debug level only) and k is set to false, which
            // doAuthenticateAndAuthorizate treats as "security disabled" for requests that are
            // neither security-service nor c() requests. Confirm this is intended; refusing
            // requests until init succeeds is the safer default, and the failure deserves an
            // error-level log with the stack trace so operators notice it.
            h.warn("security init fail");
            h.warn(e3.getMessage());
            h.debug("security init fail", e3);
            this.k = false;
        }
    }

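    /**
     * Loads the optional {@link ExtendedUserStorage} beans declared in the classpath resource
     * {@code security/extendedUserStorageConfig.xml}.
     *
     * <p>The resource is instantiated as a Spring XML application context, so every bean it
     * declares is constructed inside the authentication path. It has to be treated as trusted
     * deployment configuration: only administrators should be able to place or modify it on
     * the classpath.
     *
     * <p>NOTE(review): the context is closed before the beans are returned, as in the
     * decompiled original; confirm the storages remain usable after their context is closed.
     *
     * @return the declared storages, or an empty list when the resource is missing, declares
     *         no such bean, or fails to load
     */
    private List<ExtendedUserStorage> b() {
        if (Thread.currentThread().getContextClassLoader().getResource(e) == null) {
            return Collections.emptyList();
        }
        // try-with-resources replaces the decompiler's expanded close logic, which also left
        // unreachable statements after the catch that referenced the out-of-scope exception.
        try (ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(e)) {
            Map<String, ExtendedUserStorage> beans = context.getBeansOfType(ExtendedUserStorage.class);
            if (beans == null || beans.isEmpty()) {
                return Collections.emptyList();
            }
            return new ArrayList<>(beans.values());
        } catch (RuntimeException ex) {
            // Best effort: a broken extension config must not stop security initialisation.
            h.debug("loadExtendedUserStoragesfromBean exception:", ex);
            return Collections.emptyList();
        }
    }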

    /**
     * Reconciles the stored instance authorisations with the service instances named in the
     * current configuration ("componentName/interfaceName" for every component and component
     * set).
     *
     * <p>Configured instances without a stored entry are inserted with access granted to
     * {@code SecurityConstants.ROLE_EVERYONE}. Stored entries that no longer match a configured
     * instance are removed, but only on a pass where nothing has to be inserted.
     *
     * <p>NOTE(review): the default for a newly configured instance is therefore a grant to
     * ROLE_EVERYONE. Confirm that open-by-default is the intended policy for new services.
     *
     * @param serviceBeanPermissionDAO DAO to reconcile; null makes this a no-op
     */
    private void a(ServiceBeanPermissionDAO serviceBeanPermissionDAO) {
        if (serviceBeanPermissionDAO == null) {
            return;
        }
        Map<String, AuthorizeSetting> instanceAuthorisations = serviceBeanPermissionDAO.getInstanceAuthorisations();
        if (this.u == null) {
            return;
        }
        List<ComponentSetting> components = this.u.listComponentSettings();
        List<ComponentSettingSet> componentSets = this.u.listComponentSettingSets();

        // Instance names present in the configuration, in declaration order.
        List<String> configured = new LinkedList<>();
        for (ComponentSetting component : components) {
            if (StringUtils.isBlank(component.interfaceNames)) {
                continue;
            }
            for (String interfaceName : component.interfaceNames.split(",")) {
                configured.add(component.name + "/" + interfaceName);
            }
        }
        for (ComponentSettingSet componentSet : componentSets) {
            if (StringUtils.isBlank(componentSet.interfaceNames)) {
                continue;
            }
            for (String interfaceName : componentSet.interfaceNames.split(",")) {
                configured.add(componentSet.name + "/" + interfaceName);
            }
        }
        if (CollectionUtils.isEmpty(configured)) {
            return;
        }

        // Cancel out the names present on both sides: afterwards `configured` holds the
        // instances still to insert and `stale` the stored ones with no configured match.
        Set<String> stale = new HashSet<>(instanceAuthorisations.keySet());
        if (!instanceAuthorisations.isEmpty()) {
            configured.removeIf(stale::remove);
        }

        if (configured.isEmpty()) {
            if (!stale.isEmpty()) {
                serviceBeanPermissionDAO.removeInstances(stale.toArray(new String[stale.size()]));
            }
            return;
        }
        List<ServiceBeanPermission> grants = new ArrayList<>(configured.size());
        for (String instanceName : configured) {
            grants.add(new ServiceBeanPermission().role(SecurityConstants.ROLE_EVERYONE).allowAccessService(instanceName));
        }
        serviceBeanPermissionDAO.insert(grants.toArray(new ServiceBeanPermission[grants.size()]));
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Produces the cluster service token.
     *
     * <p>A non-blank value of the environment variable named by
     * {@code Tool.CLUSTER_SERVICE_TOKEN} is returned as is. Otherwise a token is generated for
     * the manager's system user, identified by Referer and bound to "http://iserver_cluster".
     *
     * <p>NOTE(review): the expiration value 525600 is presumably in minutes (365 days); the
     * unit is not visible here. The token is long-lived and issued for the system account, so
     * it should be handled as a secret and kept out of logs. Referer is a client-supplied
     * header; confirm how TokenUtil validates it before relying on it as a binding.
     *
     * @return the preset or newly generated token
     */
    public String c() {
        String presetToken = System.getenv(Tool.CLUSTER_SERVICE_TOKEN);
        if (!StringUtils.isBlank(presetToken)) {
            return presetToken;
        }
        User systemAccount = this.m.getSystemUser();
        GenerateTokenPostParameter tokenRequest = new GenerateTokenPostParameter();
        tokenRequest.userName = systemAccount.name;
        tokenRequest.password = systemAccount.password;
        tokenRequest.clientType = ClientIdentifyType.Referer;
        tokenRequest.referer = "http://iserver_cluster";
        tokenRequest.expiration = 525600L;
        return this.o.generateToken(tokenRequest);
    }

    /**
     * Reacts to a configuration update: refreshes the token key, regenerates the cluster
     * service token when none exists yet or the key changed, refreshes the security-enabled
     * state, and reconciles the instance authorisations. Does nothing when the handler is
     * cluster-controllable.
     *
     * @param map update payload; not read by this implementation
     */
    @Override // com.supermap.server.host.webapp.handlers.AbstractHandler
    public void update(Map map) {
        if (isClusterControllable()) {
            return;
        }
        String keyBefore = this.o.getTokenKey();
        d();
        String keyAfter = this.o.getTokenKey();
        boolean adminReady = this.m != null && this.m.isAdminExistsOrNot();
        if (adminReady) {
            // A token issued under the previous key has to be replaced after a key change.
            if (this.r == null || !keyAfter.equals(keyBefore)) {
                String freshToken = c();
                this.r = freshToken;
                this.q.updateServiceToken(freshToken);
            }
            this.m.refreshSecurityEnabled();
        }
        a(this.s);
    }

    /**
     * Copies the configured token key from the server's security setting into TokenUtil.
     * A RuntimeException along the way is logged as a warning and the previous key stays in
     * place.
     */
    private void d() {
        try {
            SecuritySetting currentSetting = getServer().getConfig().getSecuritySetting();
            this.o.setTokenKey(currentSetting.tokenKey);
        } catch (RuntimeException failure) {
            h.warn(failure.getMessage(), failure);
        }
    }

    /**
     * Tears down the security layer: first the Shiro environment loader, then the Shiro
     * filter, and finally the current SecurityContext.
     */
    @Override // com.supermap.server.host.webapp.handlers.AbstractHandler
    public void destroy() {
        j.destroy();
        i.destroy();
        SecurityContext.closeCurrent();
    }

    /**
     * Per-request security entry point. Depending on the path and the handler state it skips
     * the request, rejects it, redirects to the CAS login URL, authenticates and authorises it
     * through the Shiro filter, or forwards it to the security servlet.
     *
     * <p>The helpers a(SecurityManager, ...), d(request) and e(request) are defined outside
     * this part of the file; comments below describe only how their results are used.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response being built
     * @throws ServletException if forwarding to the permission-denied servlet fails
     * @throws IOException      on I/O failure while redirecting or forwarding
     */
    @Override // com.supermap.server.host.webapp.handlers.AbstractHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        CasRealm casRealm;
        String pathInfo = getPathInfo(httpServletRequest);
        // Help pages are returned from here without authentication and without marking the
        // request finished.
        if (StringUtils.startsWith(pathInfo, "/help/") || StringUtils.equalsIgnoreCase(pathInfo, "/help")) {
            return;
        }
        // NOTE(review): on iPortal this exemption is a substring test, so it applies to any
        // path that contains "/static/" anywhere, not only to paths under a static root.
        // Confirm that getPathInfo returns a normalised, decoded path and that no protected
        // resource is reachable through a path containing that segment; an anchored prefix
        // match would be the tighter check.
        if (ProductTypeUtil.isPortal() && StringUtils.contains(pathInfo, "/static/")) {
            return;
        }
        // Cluster-controllable mode: requests matched by d() are answered with 403, all
        // others are returned from here without authentication.
        if (isClusterControllable()) {
            if (d(httpServletRequest)) {
                httpServletResponse.setStatus(403);
                setHandleFinished(httpServletRequest);
                return;
            }
            return;
        }
        preHandle(httpServletRequest, httpServletResponse);
        try {
            // presumably isLogin identifies a request for the login page; verify in SecurityUtility
            if (SecurityUtility.isLogin(httpServletRequest)) {
                // With security enabled and an enabled CAS realm that does not reserve the
                // system account, the request is redirected to the CAS login URL.
                if (this.k && (casRealm = ShiroUtil.getCasRealm()) != null && casRealm.isEnabled() && !casRealm.isReserveSystemAccount() && StringUtils.isNotBlank(casRealm.getLoginURL(httpServletRequest))) {
                    WebUtils.issueRedirect(httpServletRequest, httpServletResponse, casRealm.getLoginURL(httpServletRequest));
                    setHandleFinished(httpServletRequest);
                    return;
                }
            // The request is marked finished when the Shiro filter did not pass it on, or when
            // its URI contains "/logout"; only otherwise do the two follow-up helpers run.
            } else if (!doAuthenticateAndAuthorizate(httpServletRequest, httpServletResponse) || a(httpServletRequest)) {
                setHandleFinished(httpServletRequest);
            } else {
                a((SecurityManager) this.n, httpServletRequest, httpServletResponse);
                e(httpServletRequest);
            }
            // Requests matched by d(), other than logout, go to the security servlet.
            if (d(httpServletRequest) && !a(httpServletRequest)) {
                processSecurityServiceRequest(httpServletRequest, httpServletResponse);
            }
        } catch (ServletException e2) {
            // An HttpException cause is parked on the request so that PermissionDeniedResource
            // rethrows it; any other ServletException ends in that resource's 401 response.
            if (e2.getCause() instanceof HttpException) {
                httpServletRequest.setAttribute(d, e2.getCause());
            }
            h.debug("SecurityHandler.handle.occurs.ServletException:" + e2.getMessage(), e2);
            new WebAppRequestDispatcher("//", this.p).forward(httpServletRequest, httpServletResponse);
            setHandleFinished(httpServletRequest);
        }
    }

    /**
     * Post-request cleanup: clears Shiro's thread-bound context and closes the current
     * SecurityContext, presumably so that a reused worker thread does not carry one request's
     * subject into the next (verify against the container's threading model).
     *
     * @param httpServletRequest  unused
     * @param httpServletResponse unused
     */
    @Override // com.supermap.server.host.webapp.handlers.AbstractHandler
    public void after(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ThreadContext.remove();
        SecurityContext.closeCurrent();
    }

    /**
     * Tells whether the request counts as a logout request.
     *
     * <p>NOTE(review): this is a substring test on the raw request URI, so any URI that
     * contains "/logout" anywhere is classified as logout. Confirm that callers are safe
     * with that breadth; an exact or suffix match would be tighter.
     *
     * @param httpServletRequest the request to classify
     * @return true if the request URI contains {@link #LOGOUTURI}
     */
    private static boolean a(HttpServletRequest httpServletRequest) {
        String requestUri = httpServletRequest.getRequestURI();
        return requestUri.contains(LOGOUTURI);
    }

    /**
     * Sets the cipher key of the security manager's remember-me manager to the AES key bytes
     * that {@code AESCipher.getAESKeyBytes} derives from {@code str}.
     *
     * <p>NOTE(review): init() passes the configured tokenKey here, so the protection of
     * remember-me cookies rests on that one setting. It should be unique per deployment,
     * unpredictable, and rotated if it may have leaked; how the key bytes are derived from
     * the string is not visible in this file.
     *
     * @param defaultWebSecurityManager manager whose remember-me manager is configured
     * @param str                       key material, the configured token key
     */
    protected void setRemoberMeManagerCipherKey(DefaultWebSecurityManager defaultWebSecurityManager, String str) {
        defaultWebSecurityManager.getRememberMeManager().setCipherKey(AESCipher.getAESKeyBytes(str));
    }

    /**
     * Prepares the current thread for a new request: clears Shiro's thread context, binds the
     * Shiro filter's security manager to the thread and to ShiroUtil, and closes any
     * SecurityContext that is still current.
     *
     * @param httpServletRequest  unused
     * @param httpServletResponse unused
     */
    protected void preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // Start from a clean slate so nothing bound earlier on this thread survives.
        ThreadContext.remove();
        WebSecurityManager filterManager = i.getSecurityManager();
        ThreadContext.bind(filterManager);
        ShiroUtil.setShiroSecurityManager(filterManager);
        SecurityContext.closeCurrent();
    }

    /**
     * Forwards the request to the security servlet mounted at "&lt;base URI&gt;/security" and
     * marks the request as finished. The base URI is read from the request attribute
     * "com.supermap.server.host.webapp.baseuri".
     *
     * @throws ServletException if the forward fails
     * @throws IOException      on I/O failure during the forward
     */
    protected void processSecurityServiceRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String baseUri = (String) httpServletRequest.getAttribute("com.supermap.server.host.webapp.baseuri");
        WebAppRequestDispatcher securityDispatcher = new WebAppRequestDispatcher(baseUri + "/security", this.a);
        securityDispatcher.forward(httpServletRequest, httpServletResponse);
        setHandleFinished(httpServletRequest);
    }

    /**
     * Decides whether the request may proceed, running the security filter when required.
     *
     * <p>Flow, in order:
     * <ol>
     *   <li>Setup-admin requests, online-license requests and requests accepted by
     *       {@code b(request)} return {@code true} without the filter being run.</li>
     *   <li>Otherwise the filter is required for {@code /security} paths; for {@code /manager}
     *       paths it is required when {@code this.l} is set; for everything else when
     *       {@code this.k} is set.</li>
     *   <li>When the filter is not required the method returns {@code true}.</li>
     *   <li>When it is required, {@code this.i.doFilter} runs with a recording chain; the result
     *       is {@code true} only if the filter invoked the chain.</li>
     * </ol>
     *
     * <p>NOTE(review): {@code this.k} and {@code this.l} are declared outside this method;
     * presumably they are the "security enabled" switches for services and for the manager.
     * Every {@code true} returned before the filter runs is an unauthenticated pass-through, so
     * the path classifiers {@code b}, {@code c} and {@code d} are part of the trust boundary.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the outgoing response
     * @return {@code true} if the request may continue, {@code false} if the filter stopped it
     * @throws ServletException propagated from the filter or from the login call
     * @throws IOException      propagated from the filter or from the login call
     */
    protected boolean doAuthenticateAndAuthorizate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // Requests that are let through without consulting the security filter.
        if (isSetupAdminRequestOrNot(httpServletRequest) || isApplyOnlineLicenseRequest(httpServletRequest) || b(httpServletRequest)) {
            return true;
        }

        boolean filterRequired;
        if (d(httpServletRequest)) {
            filterRequired = true;
        } else if (!c(httpServletRequest)) {
            filterRequired = this.k;
        } else {
            filterRequired = this.l;
            if (!this.l) {
                // With the manager switch off, the request is logged in under the built-in
                // "system" identity carrying SYSTEM/ADMIN and "*" (presumably roles and a
                // wildcard permission). NOTE(review): this grants that identity to any caller
                // that reaches a /manager path, so the switch must never be off on an instance
                // reachable by untrusted clients.
                ShiroUtil.login(httpServletRequest, httpServletResponse, new BuiltInToken("system", new String[]{"SYSTEM", "ADMIN"}, new String[]{"*"}));
            }
        }
        if (!filterRequired) {
            return true;
        }

        // The anonymous subclass only delegates to its parent; the parent records whether the
        // filter let the request through.
        DoNothingFilterChain recordingChain = new DoNothingFilterChain() {
            @Override
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
                super.doFilter(servletRequest, servletResponse);
            }
        };
        this.i.doFilter(httpServletRequest, httpServletResponse, recordingChain);

        if (!recordingChain.doFilterExecuted()) {
            // The filter never called the chain, so it rejected or answered the request itself.
            return false;
        }
        // Re-bind whatever the chain captured in its field `b` to the current thread.
        ThreadContext.bind(recordingChain.b);
        return true;
    }

    /**
     * Reports whether the request targets a service instance listed as public.
     *
     * <p>Returns {@code true} only when all of the following hold:
     * <ul>
     *   <li>the {@code ExtraInfoFilter.INSTANCE_NAME} request attribute is non-empty and is not
     *       {@code AbstractHandler.NOT_INSTANCE_REQUEST};</li>
     *   <li>the request URI has a {@code '.'} after its last {@code '/'};</li>
     *   <li>the text from that dot onward is not {@code ThymeleafProperties.DEFAULT_SUFFIX},
     *       compared case-insensitively;</li>
     *   <li>{@code this.s.getPublicServiceNames()} contains the instance name.</li>
     * </ul>
     *
     * <p>A {@code true} result makes {@code doAuthenticateAndAuthorizate} skip the security
     * filter for this request.
     *
     * <p>NOTE(review): the suffix test runs on {@code getRequestURI()}, which is neither decoded
     * nor stripped of path parameters by the Servlet API. Confirm that the instance name and the
     * suffix seen here always describe the same resource the dispatcher finally serves.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when the request is for a public service instance as described above
     */
    private boolean b(HttpServletRequest httpServletRequest) {
        String instanceName = (String) httpServletRequest.getAttribute(ExtraInfoFilter.INSTANCE_NAME);
        if (StringUtils.isEmpty(instanceName) || AbstractHandler.NOT_INSTANCE_REQUEST.equals(instanceName)) {
            return false;
        }

        String requestURI = httpServletRequest.getRequestURI();
        if (StringUtils.isEmpty(requestURI)) {
            return false;
        }

        int dotIndex = requestURI.lastIndexOf('.');
        if (dotIndex == -1) {
            // No dot at all, so no suffix.
            return false;
        }
        if (dotIndex < requestURI.lastIndexOf('/')) {
            // The last dot belongs to an earlier path segment, not to the final one.
            return false;
        }
        if (ThymeleafProperties.DEFAULT_SUFFIX.equalsIgnoreCase(requestURI.substring(dotIndex))) {
            return false;
        }

        return this.s.getPublicServiceNames().contains(instanceName);
    }

    /**
     * Reports whether the request's path info matches the regular expression {@code /manager.*}.
     *
     * <p>{@code String.matches} requires the whole string to match, and {@code .} does not match
     * line terminators by default. Any path beginning with {@code /manager} and containing no
     * line terminator is accepted, including ones such as {@code /managerfoo}.
     *
     * <p>NOTE(review): {@code doAuthenticateAndAuthorizate} uses this result to choose which
     * security switch applies. Confirm that {@code getPathInfo} yields the same normalized path
     * the dispatcher routes on, so the two cannot disagree about what is a manager request.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when the path info matches {@code /manager.*}
     */
    private static boolean c(HttpServletRequest httpServletRequest) {
        String pathInfo = getPathInfo(httpServletRequest);
        return pathInfo.matches("/manager.*");
    }

    /**
     * Reports whether the request's path info matches the regular expression {@code /security.*}.
     *
     * <p>{@code String.matches} requires the whole string to match, and {@code .} does not match
     * line terminators by default. Any path beginning with {@code /security} and containing no
     * line terminator is accepted.
     *
     * <p>NOTE(review): a {@code true} result forces the security filter to run in
     * {@code doAuthenticateAndAuthorizate}. Confirm that {@code getPathInfo} yields the same
     * normalized path the dispatcher routes on, so a security endpoint cannot be reached through
     * a spelling this check does not recognize.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when the path info matches {@code /security.*}
     */
    private static boolean d(HttpServletRequest httpServletRequest) {
        String pathInfo = getPathInfo(httpServletRequest);
        return pathInfo.matches("/security.*");
    }

    /**
     * Resolves the user name for the current request and stores it on the request through
     * {@code HttpUtil.putCurrentUserName}.
     *
     * <p>The subject comes from {@code ThreadContext}, or is built from the request when none is
     * bound. The method returns without storing a name when the subject is authenticated and
     * holds {@code SecurityConstants.PERMISSION_GUEST_ONLY}, or when the principal is
     * {@code null}. A request token may replace an empty principal and may trigger a token login
     * for URIs of the form {@code /<segment>/services...}.
     *
     * @param securityManager     used only to build a subject when none is bound to the thread
     * @param httpServletRequest  the incoming request; receives the resolved user name
     * @param httpServletResponse the outgoing response, passed through to subject/login helpers
     */
    private static void a(SecurityManager securityManager, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Subject subject;
        try {
            // Prefer the subject already bound to this thread; build one from the request otherwise.
            subject = ThreadContext.getSubject();
            if (subject == null) {
                subject = b(securityManager, httpServletRequest, httpServletResponse);
            }
            if (subject.isAuthenticated()) {
                // Authenticated guest-only subjects leave the request without a stored user name.
                if (subject.isPermitted(SecurityConstants.PERMISSION_GUEST_ONLY)) {
                    return;
                }
            }
        } catch (NullPointerException e2) {
            // Any NPE raised inside the block above is logged at debug level only and treated as
            // "no subject". NOTE(review): this can hide a real fault in subject construction;
            // consider logging at a level operators will see.
            h.debug(e2.getMessage(), e2);
            subject = null;
        }
        // The cast sits outside the try block: a non-String principal raises ClassCastException
        // to the caller.
        String str = subject == null ? null : (String) subject.getPrincipal();
        if (str == null) {
            return;
        }
        String token = TokenRequestUtil.getToken(httpServletRequest);
        TokenInfo tokenInfo = null;
        // str is non-null here, so this branch runs only when the principal is the empty string.
        // NOTE(review): if token-based identification was meant to cover subjects with no
        // principal at all, the null check above prevents it; this file appears to be
        // decompiled, so verify against the original source.
        if (StringUtils.isNotEmpty(token) && StringUtils.isEmpty(str)) {
            KeycloakConfig keycloakConfig = Manager.getInstance().getKeycloakConfig();
            // A JWS is parsed only when Keycloak is enabled; null selects the built-in token path.
            JsonWebSignature jsonWebSignature = keycloakConfig.isEnable() ? JwtUtil.getJsonWebSignature(token) : null;
            if (jsonWebSignature != null) {
                // NOTE(review): signature, expiry and issuer/audience checks are expected to live
                // in JwtUtil.verifyToken; none of them is visible here. A null result leaves the
                // user name empty.
                JwtClaims verifyToken = JwtUtil.verifyToken(keycloakConfig, jsonWebSignature, token);
                if (verifyToken != null) {
                    // `v` is the claim name, defined elsewhere in this class.
                    str = (String) verifyToken.getClaimValue(v);
                }
            } else {
                tokenInfo = TokenUtil.getInstance().getTokenInfo(token);
                if (tokenInfo != null) {
                    str = tokenInfo.userName;
                }
            }
        }
        if (!subject.isAuthenticated() && StringUtils.isNotEmpty(token)) {
            // Assumes StringUtils.split drops empty segments, so "/a/services..." yields two
            // parts (TODO confirm which StringUtils is imported).
            String[] split = StringUtils.split(httpServletRequest.getRequestURI(), '/');
            if (split.length == 2 && split[1].startsWith("services")) {
                // tokenInfo is still null here when the principal was non-empty, when the
                // Keycloak path was taken, or when the token lookup found nothing.
                // NOTE(review): confirm TokenRequestUtil.login rejects a null tokenInfo rather
                // than treating it as a successful login.
                TokenRequestUtil.login(httpServletRequest, httpServletResponse, tokenInfo);
            }
        }
        HttpUtil.putCurrentUserName(str, httpServletRequest);
    }

    /**
     * Builds a web subject for the given request/response pair using the supplied security
     * manager.
     *
     * @param securityManager     the security manager the builder is created with
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the outgoing response
     * @return the subject produced by {@code WebSubject.Builder.buildWebSubject()}
     */
    private static Subject b(SecurityManager securityManager, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        WebSubject.Builder subjectBuilder =
                new WebSubject.Builder(securityManager, httpServletRequest, httpServletResponse);
        return subjectBuilder.buildWebSubject();
    }

    /**
     * Publishes a new {@code SecurityContext} for the request as the current one.
     *
     * <p>The user is the name previously stored on the request (read through
     * {@code HttpUtil.getCurrentUserName}). The cluster master user is capture group 1 of the
     * pattern {@code f} when the whole query string matches it, and the empty string otherwise.
     *
     * <p>NOTE(review): the cluster master user is taken from the client-supplied query string.
     * The pattern {@code f} is defined elsewhere; confirm that whatever consumes this value
     * authenticates it separately and does not treat it as an established identity.
     *
     * @param httpServletRequest the incoming request
     */
    private static void e(HttpServletRequest httpServletRequest) {
        String userName = HttpUtil.getCurrentUserName(httpServletRequest);
        String rawQuery = httpServletRequest.getQueryString();

        String clusterMasterUser = "";
        if (StringUtils.isNotBlank(rawQuery)) {
            // matches() demands that the entire query string fits the pattern.
            Matcher queryMatcher = f.matcher(rawQuery);
            clusterMasterUser = queryMatcher.matches() ? queryMatcher.group(1) : "";
        }

        SecurityContext.current(
                new SecurityContext()
                        .setUser(userName)
                        .setClusterMasterUser(clusterMasterUser));
    }
}
