package com.fit2cloud.commons.server.security;

import com.fit2cloud.commons.server.constants.WebConstants;
import com.fit2cloud.commons.utils.GlobalConfigurations;
import com.fit2cloud.commons.utils.LogUtil;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.web.filter.authc.AnonymousFilter;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:com/fit2cloud/commons/server/security/SsoFilter.class */
/**
 * Shiro filter that tries to establish a login from an SSO session or an API key
 * before the request continues down the chain.
 *
 * <p>The filter itself never denies a request: {@link #onPreHandle} either returns
 * {@code true} or rethrows the failure of an API-key call. Access control for
 * unauthenticated subjects is therefore left to whatever runs after this filter.
 */
public class SsoFilter extends AnonymousFilter {
    /** Name of the short-lived cookie that carries the URL-encoded SSO failure message. */
    public static final String SSO_ERROR_COOKIE_NAME = "rememberme_sso_error";

    /**
     * Attempts an SSO or API-key login for the current subject.
     *
     * @param servletRequest  the incoming request
     * @param servletResponse the outgoing response; receives the
     *                        {@code Authentication-Status: invalid} header when the subject
     *                        is still unauthenticated afterwards
     * @param obj             the mapped filter configuration value (unused here)
     * @return always {@code true}; failures of API-key calls are rethrown instead
     */
    protected boolean onPreHandle(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        try {
            if (SecurityUtils.getSubject().isAuthenticated()) {
                // An API-key call re-authenticates even on top of an existing session.
                // The nested call is kept on purpose so the subject is resolved before validate() runs.
                // NOTE(review): the validate() result is not checked for blank here, unlike the
                // unauthenticated branch; presumably login() rejects a blank principal. Confirm.
                if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(servletRequest))) {
                    SecurityUtils.getSubject().login(new UsernamePasswordToken(SsoSessionHandler.validate(WebUtils.toHttp(servletRequest)), SsoSessionHandler.random));
                }
            } else {
                String ssoUser = SsoSessionHandler.validate(WebUtils.toHttp(servletRequest));
                if (StringUtils.isNotBlank(ssoUser)) {
                    if (LogUtil.getLogger().isDebugEnabled()) {
                        LogUtil.getLogger().debug("user sso auth: " + ssoUser);
                    }
                    // NOTE(review): every login from this filter presents the shared static
                    // SsoSessionHandler.random value as the credential; presumably the realm
                    // treats it as a "already verified" marker. Confirm how it is generated
                    // and that it is never exposed outside the server.
                    SecurityUtils.getSubject().login(new UsernamePasswordToken(ssoUser, SsoSessionHandler.random));
                }
            }

            // Tell the client that no login could be established for this request.
            if (!SecurityUtils.getSubject().isAuthenticated()) {
                WebUtils.toHttp(servletResponse).setHeader("Authentication-Status", "invalid");
            }
            return true;
        } catch (Exception failure) {
            // API-key callers get the failure propagated instead of a browser redirect.
            if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(servletRequest))) {
                throw failure;
            }
            LogUtil.getLogger().error("failed to handle single sign on..", failure);

            // Outside release mode the failure is only logged and the request continues.
            if (GlobalConfigurations.isReleaseMode()) {
                try {
                    String reason = failure.getMessage();
                    if (StringUtils.isNotBlank(reason)) {
                        // NOTE(review): the raw exception message is handed to the browser. Confirm
                        // that it never carries internal detail. The cookie is not marked Secure or
                        // HttpOnly; presumably client-side script reads it. Verify before changing.
                        Cookie errorCookie = new Cookie(SSO_ERROR_COOKIE_NAME, URLEncoder.encode(reason, "UTF-8"));
                        errorCookie.setPath(WebConstants.ROOT_PATH);
                        errorCookie.setMaxAge(30);
                        WebUtils.toHttp(servletResponse).addCookie(errorCookie);
                    }
                    // NOTE(review): the chain still continues (return true) after this redirect has
                    // been issued; confirm that downstream filters enforce authentication.
                    WebUtils.issueRedirect(servletRequest, servletResponse, "/logout");
                } catch (IOException redirectFailure) {
                    LogUtil.getLogger().error("failed to redirect.", redirectFailure);
                }
            }
            return true;
        }
    }
}
