package com.huawei.bigdata.om.web.security.iam;

import com.alibaba.fastjson.JSONObject;
import com.huawei.bigdata.om.common.utils.FileUtil;
import com.huawei.bigdata.om.common.utils.StringHelper;
import com.huawei.bigdata.om.northbound.snmp.constdefinition.ConstDefinition;
import com.huawei.bigdata.om.web.api.model.ui.APISysStatusInfo;
import com.huawei.bigdata.om.web.api.service.AuditResourceService;
import com.huawei.bigdata.om.web.constant.Resource;
import com.huawei.bigdata.om.web.security.iam.HeartbeatEventManager;
import com.huawei.bigdata.om.web.util.WebSecurityUtil;
import com.huawei.hadoop.security.crypter.CrypterUtil;
import java.io.IOException;
import java.io.PrintWriter;
import java.text.Normalizer;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.wcc.framework.AppRuntimeException;

/* loaded from: input_file:com/huawei/bigdata/om/web/security/iam/SessionTimeoutFilter.class */
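/**
 * Servlet filter that drives the web session's idle-timeout and screen-lock state and
 * stamps every response with the framing / content-type security headers.
 *
 * <p>Two timestamps are kept in the {@link HttpSession}: the time of the last "regular"
 * (automatic, pattern-matched) request and the time of the last other request. Both are
 * compared against the container's max-inactive interval on each call to the status URL:
 * if both are stale the client is told to log in again; if only the non-regular one is
 * stale the session is marked as screen-locked and non-logout REST calls are refused until
 * it is unlocked.
 *
 * <p>The filter also detects a session whose client address + User-Agent no longer match
 * the encrypted fingerprint stored under {@code IP_AND_USER_AGENT} and flags it as
 * {@code ATTACK}, after which the status endpoint forces a logout.
 *
 * <p>Thread-safety: {@code regularUrlMap} is populated once in {@link #init(FilterConfig)}
 * and only read afterwards; it is static, so every filter instance in the JVM shares it
 * and repeated {@code init} calls would append duplicate patterns (harmless for matching).
 */
public class SessionTimeoutFilter implements Filter {
    private static final String LAST_REGULAR_URL_TIME_NAME = "last_regular_url_time";
    private static final String LAST_UNREGULAR_URL_TIME_NAME = "last_unregular_url_time";
    private static final String LOCK_SCREEN_NAME = "lock_screen";
    private static final String ATTACK = "ATTACK";
    private static final String SCREE_IS_AUDIT = "lock_screen_audit";
    // Values of the "state" request parameter sent by the client to the status URL.
    private static final String NO_ACTION = "1";
    private static final String HAS_ACTION = "2";
    private static final String SEGMENT_SYMBOL = "#";
    private static final String SESSION_FILTER_URL_STATUS = "/api/v2/session/status";
    private static final String SESSION_FILTER_URL_UNLOCK = "/api/v2/session/unlock";
    private static final String SESSION_FILTER_PAGE_UNLOCK = "screenLockDialog.html";
    private static final String SESSION_FILTER_URL_LOGOUT = "/api/v2/session/logout";
    private static final String SESSION_TIMED_OUT_CONTENT = "Session timed out. Please log in again.";
    private static final String ILLEGAL_OPERATION_CONTENT = "Illegal operation. Please log in again.";
    private static final String SESSION_FILTER_URL_ALL_API = "/api/v2";
    private static final String REGULAR = "regularUrlStr";
    private static final String SSO_CONFIG_PATH = "/conf/web_https_server.properties";
    private static final String DEFAULT_X_FRAME_OPTIONS = "SAMEORIGIN";
    private static final Logger LOGGER = LoggerFactory.getLogger(SessionTimeoutFilter.class);
    private static final String SEPARATOR = System.getProperty("line.separator");
    // Compiled once instead of per call. "\\s+" removes exactly what the former
    // "\\s*|\t|" pattern removed: every ASCII whitespace character (the empty matches of
    // the old alternation were replaced by "" and so contributed nothing).
    private static final Pattern WHITESPACE = Pattern.compile("\\s+");
    // HTTP method -> Ant-style path patterns whose requests count as "regular" (automatic) traffic.
    private static final Map<String, List<String>> regularUrlMap = new HashMap<String, List<String>>();

    /**
     * Writes a single {@link APISysStatusInfo} JSON array with the SESSION_TIMEOUT event id
     * to the response, but only for XMLHttpRequest callers.
     *
     * @param servletRequest  the current request; only the {@code x-requested-with} header is read
     * @param servletResponse the response the message is written to
     * @param str             human-readable message placed in the info content
     * @return {@code true} if the message was written (the caller must then stop the chain),
     *         {@code false} if the request was not an XMLHttpRequest and nothing was written
     * @throws IOException if the response writer cannot be obtained
     */
    public static boolean sendSessionTimeoutMsg(ServletRequest servletRequest, ServletResponse servletResponse, String str) throws IOException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String requestedWith = request.getHeader("x-requested-with");
        if (requestedWith == null || !"XMLHttpRequest".equalsIgnoreCase(requestedWith)) {
            return false;
        }
        ((HttpServletResponse) servletResponse).setHeader("Content-Type", "application/json");
        APISysStatusInfo info = new APISysStatusInfo();
        info.setInfoType(Integer.valueOf(HeartbeatEventManager.EventID.SESSION_TIMEOUT_ID.getValue()).intValue());
        info.setInfoContent(str);
        List<APISysStatusInfo> payload = new ArrayList<APISysStatusInfo>();
        payload.add(info);
        PrintWriter writer = servletResponse.getWriter();
        try {
            writer.print(JSONObject.toJSONString(payload));
            writer.flush();
        } finally {
            // Closing the writer commits the response; nothing may be written after this.
            writer.close();
        }
        return true;
    }

    /** @return the current wall-clock time in milliseconds, boxed for storage as a session attribute */
    private static Long getNowDateStr() {
        return Long.valueOf(System.currentTimeMillis());
    }

    /**
     * @param lastTime a timestamp in milliseconds as produced by {@link #getNowDateStr()}
     * @param seconds  the allowed idle interval in seconds
     * @return {@code true} if at least {@code seconds} have elapsed since {@code lastTime}
     */
    private static boolean isTimeOut(Long lastTime, int seconds) {
        return System.currentTimeMillis() - lastTime.longValue() >= ((long) seconds) * 1000;
    }

    /** @return {@code true} if the URI targets the session-status endpoint */
    private static boolean isFilterPage(String uri) {
        return !StringUtils.isEmpty(uri) && uri.contains(SESSION_FILTER_URL_STATUS);
    }

    /**
     * Tells whether the URI belongs to one of the login / logout pages.
     *
     * @param str the request URI; {@code null} or empty yields {@code false}
     * @return {@code true} if the URI contains one of the known login/logout page names
     */
    public static boolean isLoginFilterPage(String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        return str.contains("login_check.htm") || str.contains("logout_action.htm") || str.contains("login.html") || str.contains("check_login.htm") || str.contains("login.htm");
    }

    /**
     * Parses the {@code regularUrlStr} init parameter into {@code regularUrlMap}.
     *
     * <p>The parameter is a {@code ;}-separated list of {@code METHOD#pattern} entries; all
     * whitespace is stripped first. Malformed entries are logged and skipped; blank entries
     * (for example an absent parameter) are skipped silently instead of being reported as
     * invalid.
     *
     * @param filterConfig the filter configuration; {@code null} leaves the map untouched
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        if (filterConfig == null) {
            return;
        }
        String configured = replaceBlank(filterConfig.getInitParameter(REGULAR));
        for (String entry : configured.split(AuditResourceService.SEMICOLON)) {
            String trimmed = entry.trim();
            if (trimmed.isEmpty()) {
                continue;
            }
            String[] parts = trimmed.split(SEGMENT_SYMBOL);
            if (parts.length != 2) {
                LOGGER.error("Invalid regularUrl {} in web.xml file", trimmed);
                continue;
            }
            List<String> patterns = regularUrlMap.get(parts[0]);
            if (patterns == null) {
                patterns = new ArrayList<String>();
                regularUrlMap.put(parts[0], patterns);
            }
            patterns.add(parts[1]);
        }
    }

    /**
     * Reads the X-FRAME-OPTIONS value from a properties file, falling back to
     * {@code SAMEORIGIN} whenever the file or the value is missing or not recognised.
     *
     * <p>Recognised values are {@code SAMEORIGIN}, {@code DENY}, {@code ALLOWALL} and
     * {@code ALLOW-FROM <origin;origin...>}; for the last one the {@code ;}-separated list is
     * re-joined with spaces. An {@code ALLOW-FROM} entry with no origin used to yield an empty
     * header value (i.e. no framing protection at all); it now falls back to {@code SAMEORIGIN}.
     * Note that {@code ALLOW-FROM} is not honoured by current browsers, which rely on the
     * CSP {@code frame-ancestors} directive handled by {@link #loadCSPOptions(String, String)}.
     *
     * @param path the properties file path
     * @param key  the property key to read
     * @return the header value to send; never empty
     */
    private String loadXFrameOptions(String path, String key) {
        if (StringUtils.isEmpty(path) || !FileUtil.isExists(path)) {
            LOGGER.debug("x Frame Options file is invalid, use default xframeoptions.");
            return DEFAULT_X_FRAME_OPTIONS;
        }
        String property = FileUtil.loadProperties(path).getProperty(key);
        if (StringUtils.isEmpty(property)) {
            return DEFAULT_X_FRAME_OPTIONS;
        }
        if (property.startsWith("ALLOW-FROM")) {
            String[] parts = property.split(" ");
            if (parts.length < 2) {
                // No origin given: fail closed rather than emit an empty header.
                return DEFAULT_X_FRAME_OPTIONS;
            }
            StringBuilder header = new StringBuilder("ALLOW-FROM");
            for (String origin : parts[1].split(AuditResourceService.SEMICOLON)) {
                header.append(' ').append(origin);
            }
            return header.toString();
        }
        if (property.startsWith("DENY") || property.startsWith("SAMEORIGIN") || property.startsWith("ALLOWALL")) {
            return property;
        }
        return DEFAULT_X_FRAME_OPTIONS;
    }

    /**
     * Reads a {@code frame-ancestors} Content-Security-Policy value from a properties file.
     *
     * <p>The value must have the form {@code frame-ancestors <keyword> <src;src...>}
     * (three space-separated tokens); the {@code ;}-separated third token is re-joined with
     * spaces. Anything else yields an empty string, which the caller treats as "send no
     * CSP header".
     *
     * @param path the properties file path
     * @param key  the property key to read
     * @return the header value, or {@code ""} if none should be sent
     */
    private String loadCSPOptions(String path, String key) {
        if (StringUtils.isEmpty(path) || !FileUtil.isExists(path)) {
            LOGGER.debug("Content-Security-Policy file is invalid, no CSP header will be set.");
            return "";
        }
        String property = FileUtil.loadProperties(path).getProperty(key);
        if (StringUtils.isEmpty(property) || !property.startsWith("frame-ancestors")) {
            return "";
        }
        String[] parts = property.split(" ");
        if (parts.length < 3) {
            return "";
        }
        StringBuilder header = new StringBuilder();
        header.append(parts[0]).append(' ').append(parts[1]);
        for (String source : parts[2].split(AuditResourceService.SEMICOLON)) {
            header.append(' ').append(source);
        }
        return header.toString();
    }

    /**
     * Applies the security headers, updates the session's timeout / lock state for this
     * request and decides whether the request may proceed down the chain.
     *
     * <p>Requests whose URI starts with {@code //} are dropped without a response. Requests
     * on a screen-locked session are let through only if they are the unlock page/API or
     * non-REST resources; any other {@code /api/v2} call except logout is refused (again
     * without a response) and the session is flagged as {@code ATTACK}.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        constructHeader((HttpServletResponse) servletResponse);
        HttpSession session = request.getSession();
        String filterPageUri = getFilterPageUri(request);
        if (filterPageUri == null) {
            // Malformed ("//...") URI: neither forwarded nor answered.
            return;
        }
        String fingerprint = (String) session.getAttribute("IP_AND_USER_AGENT");
        if (fingerprint != null) {
            checkAttack(request, session, fingerprint);
        }
        String lockScreen = getLockScreen(session);
        int maxInactiveInterval = session.getMaxInactiveInterval();
        if (WebSecurityUtil.isNotNeedSecurityControl()) {
            LOGGER.debug("This version is depolyed for none security cloud.");
        } else if (isFilterPage(filterPageUri)) {
            if (handleTimeOut(servletRequest, servletResponse, request, session, lockScreen, maxInactiveInterval)) {
                return;
            }
        } else if (isNeedUpdateTime(request)) {
            session.setAttribute(LAST_REGULAR_URL_TIME_NAME, getNowDateStr());
        } else if (!Resource.SCREEN_LOCK.equals(lockScreen)) {
            LOGGER.debug("Update the timeout.");
            session.setAttribute(LAST_UNREGULAR_URL_TIME_NAME, getNowDateStr());
        } else if (filterPageUri.contains(SESSION_FILTER_PAGE_UNLOCK) || filterPageUri.contains(SESSION_FILTER_URL_UNLOCK)) {
            LOGGER.info("The request is unlock request.");
        } else if (filterPageUri.contains(SESSION_FILTER_URL_ALL_API) && !filterPageUri.contains(SESSION_FILTER_URL_LOGOUT)) {
            // REST call while the screen is locked: refuse it and mark the session.
            LOGGER.warn("Illegal operation, the uri is {}.", StringHelper.replaceBlank(filterPageUri));
            session.setAttribute(ATTACK, Resource.SCREEN_LOCK);
            return;
        } else {
            LOGGER.debug("The request is not rest api");
        }
        processCatch(servletResponse, filterPageUri);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Compares the decrypted {@code IP_AND_USER_AGENT} session fingerprint with the current
     * remote address + User-Agent and flags the session as {@code ATTACK} on mismatch.
     *
     * <p>If decryption yields {@code null} no comparison is made. A {@code null} User-Agent
     * header is concatenated as the string "null"; this is assumed to match how the stored
     * fingerprint was built by the login code (not visible here).
     *
     * @param request              the current request
     * @param session              the session holding the fingerprint
     * @param encryptedFingerprint the encrypted {@code IP_AND_USER_AGENT} attribute value
     */
    private void checkAttack(HttpServletRequest request, HttpSession session, String encryptedFingerprint) {
        try {
            String expected = CrypterUtil.decrypt(encryptedFingerprint);
            String actual = request.getRemoteAddr() + request.getHeader("USER-AGENT");
            if (expected != null && !expected.equals(actual)) {
                LOGGER.error("IP_AND_USER_AGENT is {} and message is {}", StringHelper.replaceBlank(expected), StringHelper.replaceBlank(actual));
                session.setAttribute(ATTACK, Resource.SCREEN_LOCK);
            }
        } catch (AppRuntimeException e) {
            // Decryption failure only leaves the session unflagged; keep the cause for diagnosis.
            LOGGER.error("Decrypt addr and agent failed.", e);
        }
    }

    /**
     * Builds the request URI (context path + servlet path + path info).
     *
     * @return the URI, or {@code null} if it starts with {@code //}
     */
    private String getFilterPageUri(HttpServletRequest request) {
        StringBuilder uri = new StringBuilder(request.getContextPath()).append(request.getServletPath());
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            uri.append(pathInfo);
        }
        String result = uri.toString();
        LOGGER.debug("Filter Page is {}.", StringHelper.replaceBlank(result));
        if (result.startsWith("//")) {
            LOGGER.info("Request page uri error.");
            return null;
        }
        return result;
    }

    /**
     * Returns the session's lock-screen state, initialising it to unlocked (and setting the
     * audit marker) the first time it is read.
     */
    private String getLockScreen(HttpSession session) {
        String state = (String) session.getAttribute(LOCK_SCREEN_NAME);
        LOGGER.debug("{} is {}", LOCK_SCREEN_NAME, StringHelper.replaceBlank(state));
        if (state == null) {
            session.setAttribute(SCREE_IS_AUDIT, Resource.SCREEN_LOCK);
            session.setAttribute(LOCK_SCREEN_NAME, Resource.SCREEN_UNLOCK);
            state = Resource.SCREEN_UNLOCK;
        }
        return state;
    }

    /** Returns the last non-regular request time, initialising it to "now" if absent. */
    private Long getLastUnRegularUrlTime(HttpSession session) {
        Long last = (Long) session.getAttribute(LAST_UNREGULAR_URL_TIME_NAME);
        LOGGER.debug("last {} is {}", LAST_UNREGULAR_URL_TIME_NAME, last);
        if (last == null) {
            last = getNowDateStr();
            session.setAttribute(LAST_UNREGULAR_URL_TIME_NAME, last);
        }
        return last;
    }

    /** Returns the last regular request time, initialising it to "now" if absent. */
    private Long getLastRegularUrlTime(HttpSession session) {
        Long last = (Long) session.getAttribute(LAST_REGULAR_URL_TIME_NAME);
        LOGGER.debug("last is {}.", "last_regular_url_time is:" + last);
        if (last == null) {
            last = getNowDateStr();
            session.setAttribute(LAST_REGULAR_URL_TIME_NAME, last);
        }
        return last;
    }

    /**
     * Handles a call to the session-status endpoint.
     *
     * <p>Order of checks: an {@code ATTACK}-flagged session is told to log in again; then,
     * if both timestamps are stale the client is told the session timed out; if only the
     * non-regular timestamp is stale and the screen is unlocked, the screen is locked.
     * Finally the {@code state} parameter refreshes one of the timestamps ({@code "1"}: the
     * regular one, {@code "2"}: the non-regular one).
     *
     * <p>Both the ATTACK and the timeout notifications are only delivered to XMLHttpRequest
     * callers (see {@link #sendSessionTimeoutMsg}); for other callers processing continues.
     *
     * @param lockScreen          the current lock-screen state
     * @param maxInactiveInterval the session idle limit in seconds
     * @return {@code true} if a logout message was written and the chain must stop
     * @throws IOException if writing the message fails
     */
    private boolean handleTimeOut(ServletRequest servletRequest, ServletResponse servletResponse, HttpServletRequest httpServletRequest, HttpSession httpSession, String lockScreen, int maxInactiveInterval) throws IOException {
        if (Resource.SCREEN_LOCK.equals(httpSession.getAttribute(ATTACK)) && sendSessionTimeoutMsg(servletRequest, servletResponse, ILLEGAL_OPERATION_CONTENT)) {
            LOGGER.info("Illegal operation, the page logout.");
            return true;
        }
        boolean regularStale = isTimeOut(getLastRegularUrlTime(httpSession), maxInactiveInterval);
        boolean unregularStale = isTimeOut(getLastUnRegularUrlTime(httpSession), maxInactiveInterval);
        String state = httpServletRequest.getParameter("state");
        if (regularStale && unregularStale) {
            if (sendSessionTimeoutMsg(servletRequest, servletResponse, SESSION_TIMED_OUT_CONTENT)) {
                LOGGER.info("Session timeout, the page logout.");
                return true;
            }
        } else if (unregularStale && lockScreen.equalsIgnoreCase(Resource.SCREEN_UNLOCK)) {
            LOGGER.info("Session Timeout.The page lock.");
            httpSession.setAttribute(LOCK_SCREEN_NAME, Resource.SCREEN_LOCK);
        }
        if (NO_ACTION.equals(state)) {
            LOGGER.info("The state is {}, update lock screen time.", StringHelper.replaceBlank(state));
            httpSession.setAttribute(LAST_REGULAR_URL_TIME_NAME, getNowDateStr());
        } else if (HAS_ACTION.equals(state)) {
            LOGGER.info("The state is {}, update session timeout time.", StringHelper.replaceBlank(state));
            httpSession.setAttribute(LAST_UNREGULAR_URL_TIME_NAME, getNowDateStr());
        }
        return false;
    }

    /**
     * Adds the security response headers.
     *
     * <p>The X-FRAME-OPTIONS and CSP values are re-read from
     * {@code $OM_TOMCAT_HOME/conf/web_https_server.properties} on every request, so edits
     * take effect immediately at the cost of a file read per request. {@code X-XSS-Protection}
     * and {@code X-Content-Security-Policy} are legacy headers kept for older browsers.
     */
    private void constructHeader(HttpServletResponse response) {
        String configPath = System.getenv(ConstDefinition.OM_TOMCAT_HOME) + SSO_CONFIG_PATH;
        response.addHeader("X-FRAME-OPTIONS", loadXFrameOptions(configPath, "X-FRAME-OPTIONS"));
        String csp = loadCSPOptions(configPath, "Content-Security-Policy");
        if (!StringUtils.isEmpty(csp)) {
            response.addHeader("Content-Security-Policy", csp);
        }
        response.addHeader("X-XSS-Protection", "1; mode=block");
        response.addHeader("X-Content-Type-Options", "nosniff");
        response.addHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
        response.addHeader("X-Content-Security-Policy", "default-src 'self'");
    }

    /**
     * Decides whether the request is "regular" (automatic) traffic that refreshes only the
     * regular-URL timestamp.
     *
     * <p>A request is regular if its method has configured patterns, its URI matches one of
     * them and it carries no {@code operateByUser} parameter; a matching request with that
     * parameter counts as a user action.
     */
    boolean isNeedUpdateTime(HttpServletRequest request) {
        List<String> patterns = regularUrlMap.get(request.getMethod());
        if (CollectionUtils.isEmpty(patterns)) {
            return false;
        }
        StringBuilder uri = new StringBuilder(request.getContextPath()).append(request.getServletPath());
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            uri.append(pathInfo);
        }
        String path = uri.toString();
        AntPathMatcher matcher = new AntPathMatcher();
        String operateByUser = request.getParameter("operateByUser");
        for (String pattern : patterns) {
            if (!matcher.match(pattern, path)) {
                continue;
            }
            if (StringUtils.isEmpty(operateByUser)) {
                LOGGER.debug("This is auto request {}.", StringHelper.replaceBlank(path));
                return true;
            }
            LOGGER.debug("This is user operation {}.", StringHelper.replaceBlank(path));
            return false;
        }
        return false;
    }

    /**
     * Sets {@code Cache-Control: no-cache} on HTML pages (the name is historical; it handles
     * caching). NOTE(review): {@code no-cache} still allows caches to store the page subject
     * to revalidation; {@code no-store} would be the stricter choice for authenticated pages.
     */
    private void processCatch(ServletResponse servletResponse, String uri) {
        if (uri.contains(".html")) {
            ((HttpServletResponse) servletResponse).setHeader("Cache-Control", "no-cache");
        }
    }

    /**
     * NFKC-normalises the input and strips all whitespace (including line separators).
     *
     * @param str the input; {@code null} yields {@code ""}
     */
    private String replaceBlank(String str) {
        if (str == null) {
            return "";
        }
        String normalized = Normalizer.normalize(str, Normalizer.Form.NFKC);
        return WHITESPACE.matcher(normalized).replaceAll("").replace(SEPARATOR, "");
    }

    /** Nothing to release: the filter holds no resources beyond the static pattern map. */
    @Override
    public void destroy() {
    }
}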
