package kd.bos.auth.filter.impl;

import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kd.bos.auth.filter.AuthFilter;
import kd.bos.auth.filter.HandleResult;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.kcf.message.KMessage;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.openapi.api.model.OpenApiResponse;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.constant.ResSystemType;
import kd.bos.openapi.common.exception.AuthExtendException;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.util.ApiDataUtil;
import kd.bos.openapi.common.util.CollectionUtil;
import kd.bos.openapi.common.util.McConfigUtil;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.kcf.context.OpenApiAuthContext;
import kd.bos.openapi.kcf.result.ResultProcessUtil;
import kd.bos.openapi.kcf.spi.OpenApiServiceManager;
import kd.bos.openapi.kcf.utils.ApiAuthLogUtil;
import kd.bos.openapi.kcf.utils.ApiPluginRpcHelper;
import kd.bos.openapi.kcf.utils.OpenApiExceptionUtil;
import kd.bos.openapi.kcf.utils.OpenApiPluginUtil;
import kd.bos.openapi.security.model.ApiIpInfoDto;
import kd.bos.openapi.security.model.Open3rdappsDto;
import kd.bos.service.authorize.http.KDSignHttpServletRequestWrapper;
import kd.bos.service.authorize.model.ApiCommonResult;
import kd.bos.service.authorize.model.AuthInfo;
import kd.bos.service.authorize.model.AuthResult;

/* loaded from: input_file:kd/bos/auth/filter/impl/OpenAuthExtendFilter.class */
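/**
 * Auth filter for the "extend" authentication type (auth type {@code "6"}), where a
 * tenant-configured plugin decides whether the request is authentic.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>Requests whose context auth type is not {@code "6"} are declined
 *       ({@code setHandled(false)}).</li>
 *   <li>{@code client_id} and {@code username} are read from the request and resolved to a
 *       third-party app and a user id.</li>
 *   <li>If the app has agency enabled, the user must be in the app's agent-user list.</li>
 *   <li>The caller IP is checked through the gate service.</li>
 *   <li>The configured plugin's {@code unSignAndDecrypt} entry point is invoked; on success
 *       the plugin may replace the request body, and an {@link AuthResult} carrying the
 *       resolved user id is returned.</li>
 * </ol>
 *
 * <p>NOTE(review): steps 2-4 run <em>before</em> the plugin verifies anything, so they operate on
 * values the caller chose freely. See the inline notes for what that implies.
 */
public class OpenAuthExtendFilter extends AbstractCommonFilter implements AuthFilter {
    private static final Log log = LogFactory.getLog(OpenAuthExtendFilter.class);

    /** Auth type value this filter is responsible for. */
    private static final String AUTH_TYPE_EXTEND = "6";
    /** Key of the plugin class name in the map returned by {@code getAuthPluginClass}. */
    private static final String PLUGIN_CLASS_KEY = "api_global_authplugin";
    /** Key of the plugin's app id in the same map. */
    private static final String PLUGIN_APP_ID_KEY = "api_global_pluginappid";
    /** Key under which a rejecting plugin may supply its own response payload. */
    private static final String RESPONSE_DATA_KEY = "responseData";

    /**
     * Runs the extend-auth checks for one request.
     *
     * @param httpServletRequest  incoming request; cast to {@link KDSignHttpServletRequestWrapper}
     *                            when the plugin returns a replacement body
     * @param httpServletResponse response used to report an authentication failure
     * @return an unhandled result when this filter does not apply or no plugin is configured,
     *         a result carrying the {@link AuthResult} on success, or a result carrying a
     *         failure {@link ApiCommonResult} when any check throws
     */
    @Override // kd.bos.auth.filter.AuthFilter
    public HandleResult<ApiCommonResult> doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        long startMillis = System.currentTimeMillis();
        String apiUrl = ApiDataUtil.getApiUrl(httpServletRequest);
        try {
            if (!AUTH_TYPE_EXTEND.equals(OpenApiAuthContext.getContext().getAuthType())) {
                HandleResult<ApiCommonResult> notApplicable = HandleResult.getHandleResult(null);
                notApplicable.setHandled(false);
                return notApplicable;
            }

            // Resolved once so every check below refers to the same account.
            String accountId = OpenApiAuthContext.getContext().getCurrentCenter().getAccountId();

            // Both identifiers are supplied by the caller (presumably header or query string, per
            // the helper's name; it is defined in AbstractCommonFilter, not shown here) and are
            // unauthenticated at this point.
            String clientId = getParamsFromHeaderAndQuery("client_id");
            if (StringUtil.isEmpty(clientId)) {
                throw new OpenApiException(ApiErrorCode.Data_Invalid, String.format(ResManager.loadKDString("请求参数错误: %1$s为空。", "OauthTokenUtil_1", ResSystemType.KCF.getType(), new Object[0]), "clientId"), new Object[0]);
            }
            String userName = getParamsFromHeaderAndQuery("username");
            if (StringUtil.isEmpty(userName)) {
                throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("请求参数错误：username为空。", "ApiTokenServiceImpl_15", ResSystemType.BASE.getType(), new Object[0]), new Object[0]);
            }

            // NOTE(review): the lookups below produce different error messages for "unknown user",
            // "unknown/disabled app" and "user not an agent of this app", all before the plugin has
            // verified the request. If these messages reach the client, they let an unauthenticated
            // caller tell valid usernames and client ids from invalid ones. Consider one generic
            // message for the client and keeping the detail in the server log only.
            Map<?, ?> userInfo = OpenApiServiceManager.getOpenApiAuthService().getUserInfoByUserName(userName);
            if (userInfo == null || userInfo.get("fid") == null) {
                throw new OpenApiException(ApiErrorCode.Data_Invalid, String.format(ResManager.loadKDString("请求参数错误：username：用户无效或不可用，请修改后再试。", "ApiTokenServiceImpl_16", ResSystemType.BASE.getType(), new Object[0]), userName), new Object[0]);
            }
            Long agentUserId = Long.valueOf((String) userInfo.get("fid"));

            Open3rdappsDto thirdApp = OpenApiServiceManager.getOpenApiAuthService().getThirdAppDtoByNum(clientId, accountId);
            if (thirdApp == null || thirdApp.getFid() == null || thirdApp.getFid().longValue() == 0) {
                throw new OpenApiException(ApiErrorCode.Data_Invalid, String.format(ResManager.loadKDString("请求参数错误: 第三方应用clientId： %1$s在系统中不存在或未启用。", "OauthTokenUtil_3", ResSystemType.KCF.getType(), new Object[0]), clientId), new Object[0]);
            }

            // NOTE(review): the agent-user restriction applies only when agency is enabled on the
            // app. When it is disabled, any existing username is accepted here and later becomes
            // the AuthResult's agent user id. Nothing in this class shows that the plugin binds
            // the username to the signed payload; confirm it does, otherwise a holder of one
            // app's credentials can name an arbitrary user.
            if (thirdApp.isEnableAgency() && (CollectionUtil.isEmpty(thirdApp.getAgentUserIdList()) || !thirdApp.getAgentUserIdList().contains(agentUserId))) {
                throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("第三方应用（client_id）的代理用户为空或userName不在代理用户中。", "ApiTokenServiceImpl_17", ResSystemType.BASE.getType(), new Object[0]), new Object[0]);
            }

            // Source-IP check for this app; the IP is whatever the auth context recorded.
            // NOTE(review): if that value can come from a forwarding header, confirm it is only
            // trusted from known proxies.
            ApiIpInfoDto ipInfo = new ApiIpInfoDto();
            ipInfo.setIp(OpenApiAuthContext.getContext().getIp());
            ipInfo.setThirdId(thirdApp.getFid());
            ipInfo.setAccountId(accountId);
            OpenApiServiceManager.getApiGateService().checkIP(ipInfo);

            // Populated as in the original, but never read afterwards within this method.
            AuthInfo authInfo = new AuthInfo();
            authInfo.setAuthType(AUTH_TYPE_EXTEND);
            authInfo.setThirdAppNumber(clientId);

            HandleResult<ApiCommonResult> result = HandleResult.getHandleResult(null);
            Map<String, String> pluginConfig = OpenApiPluginUtil.getAuthPluginClass(PLUGIN_CLASS_KEY, accountId);
            String pluginClass = pluginConfig.get(PLUGIN_CLASS_KEY);
            String pluginAppId = pluginConfig.get(PLUGIN_APP_ID_KEY);
            if (StringUtil.isEmpty(pluginClass) || StringUtil.isEmpty(pluginAppId)) {
                // NOTE(review): with no plugin configured the filter declines rather than rejects.
                // Confirm the rest of the chain denies an auth-type-6 request that nobody handled.
                result.setHandled(false);
                return result;
            }

            try {
                OpenApiResponse pluginResponse = (OpenApiResponse) ApiPluginRpcHelper.invokePlugin(pluginAppId, pluginClass, "unSignAndDecrypt", OpenApiAuthContext.getContext().createCustomRequestDto());
                // A null response or null result raises NullPointerException below, which the
                // catch block reports as PLUGIN_ERROR, i.e. the request is rejected.
                ApiCommonResult pluginResult = (ApiCommonResult) pluginResponse.getData();
                if (pluginResult.getStatus().booleanValue()) {
                    Object pluginData = pluginResult.getData();
                    if (pluginData != null && StringUtil.isNotEmpty(((AuthResult) pluginData).getData())) {
                        // The plugin-supplied body replaces the body seen by later handlers.
                        // The cast assumes an upstream component wrapped the request; if it did
                        // not, the ClassCastException is reported as PLUGIN_ERROR.
                        ((KDSignHttpServletRequestWrapper) httpServletRequest).setBody(((AuthResult) pluginData).getData().getBytes(KMessage.UTF8));
                    }
                    // Identity fields come from this filter's own lookups, not from the plugin.
                    AuthResult authResult = new AuthResult();
                    authResult.setThirdId(thirdApp.getFid());
                    authResult.setAgentUserId(agentUserId);
                    authResult.setThirdAppNumber(clientId);
                    authResult.setAccountId(accountId);
                    authResult.setAuthType(AUTH_TYPE_EXTEND);
                    pluginResult.setData(authResult);
                    result.setData(pluginResult);
                    if (McConfigUtil.isSecurityLogOpen(RequestContext.get().getTenantId())) {
                        log.info("OpenAuthExtend pass.");
                    }
                    return result;
                }

                // Plugin rejected the request. If it supplied headers, an HTTP status or a
                // response payload, pass those on through AuthExtendException.
                Object rejectedData = pluginResult.getData();
                if (rejectedData != null && ((AuthResult) rejectedData).getParams() != null) {
                    AuthResult rejected = (AuthResult) rejectedData;
                    Object responseData = rejected.getParams().get(RESPONSE_DATA_KEY);
                    boolean hasCustomResponse = (pluginResponse.getResponseHeaders() != null && pluginResponse.getResponseHeaders().size() > 0)
                            || pluginResponse.getHttpStatus() > 0
                            || responseData != null;
                    if (hasCustomResponse) {
                        HashMap<String, Object> customResponse = new HashMap<>();
                        customResponse.put("responseHeader", pluginResponse.getResponseHeaders());
                        customResponse.put("httpStatus", Integer.valueOf(pluginResponse.getHttpStatus()));
                        customResponse.put(RESPONSE_DATA_KEY, responseData);
                        throw new AuthExtendException(customResponse, ApiErrorCode.HTTP_UNAUTHORIZED, ResManager.loadKDString("API认证插件认证未通过。", "OpenAuthExtendFilter_3", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
                    }
                }
                // pluginResult was dereferenced above, so the decompiled null guard on it here was
                // dead code and has been dropped.
                throw new OpenApiException(ApiErrorCode.HTTP_UNAUTHORIZED, String.format(ResManager.loadKDString("API认证插件认证未通过。message: %1$s", "OpenAuthExtendFilter_0", ResSystemType.KCF.getType(), new Object[0]), pluginResult.getMessage()), new Object[0]);
            } catch (Exception e) {
                // 401 rejections pass through unchanged; everything else becomes PLUGIN_ERROR.
                if (e instanceof OpenApiException) {
                    // Explicit cast: the decompiled assignment without it does not compile.
                    OpenApiException openApiException = (OpenApiException) e;
                    if ("401".equals(openApiException.getCode())) {
                        throw openApiException;
                    }
                }
                throw new OpenApiException(ApiErrorCode.PLUGIN_ERROR, String.format(ResManager.loadKDString("认证插件执行异常， error:%1$s。", "OpenAuthExtendFilter_1", ResSystemType.KCF.getType(), new Object[0]), e.getMessage()), new Object[]{e});
            }
        } catch (Throwable th) {
            // Any failure above ends here, so the filter fails closed: the caller gets a failure
            // result rather than an unhandled one.
            // NOTE(review): the raw exception message is placed in the failure result, not only in
            // the log. If that result is serialised to the client, internal detail (plugin errors,
            // lookup failures) is exposed; prefer a generic client message.
            String failureMessage = "----OpenAuthExtend OpenApi Auth Failed. error:" + th.getMessage();
            log.error(failureMessage, th);
            ApiCommonResult failResult = ApiCommonResult.getFailResult(ApiErrorCode.HTTP_BAD_REQUEST.getStatusCode(), failureMessage);
            OpenApiExceptionUtil.handleAuthException(th, httpServletResponse, failResult);
            ResultProcessUtil.processAuthResult(httpServletRequest, httpServletResponse, failResult, th);
            HandleResult<ApiCommonResult> failed = HandleResult.getHandleResult(failResult);
            return failed;
        } finally {
            // One finally block replaces the six inlined copies the decompiler produced. An
            // exception from the log write itself now propagates, instead of being caught above
            // and reported as an authentication failure.
            writeAuthLogIfRequired(apiUrl, startMillis);
        }
    }

    /**
     * Writes the auth API log entry with the elapsed time, but only when the current auth
     * context reports {@code isParamErrorCode()}.
     *
     * @param apiUrl      URL of the API being authenticated
     * @param startMillis {@link System#currentTimeMillis()} value taken when the filter started
     */
    private static void writeAuthLogIfRequired(String apiUrl, long startMillis) {
        int elapsedMillis = (int) (System.currentTimeMillis() - startMillis);
        if (OpenApiAuthContext.getContext().isParamErrorCode()) {
            ApiAuthLogUtil.writeAuthApiLog(apiUrl, elapsedMillis);
        }
    }
}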
