package cn.edu.carsi.idp.externalauth;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.idp.authn.ExternalAuthentication;
import net.shibboleth.idp.authn.ExternalAuthenticationException;
import net.shibboleth.idp.authn.principal.IdPAttributePrincipal;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import org.jasig.cas.client.util.CommonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.core.env.Environment;
import org.springframework.web.context.WebApplicationContext;

@WebServlet(name = "ShibWechatAuthServlet", urlPatterns = {"/Authn/External/*"})
/* loaded from: input_file:cn/edu/carsi/idp/externalauth/ShibWechatAuthServlet.class */
public class ShibWechatAuthServlet extends ShibBaseAuthServlet {
    private final Logger logger = LoggerFactory.getLogger(ShibWechatAuthServlet.class);
    private static final long serialVersionUID = 1;
    private static final String artifactParameterName = "code";
    private static final String serviceParameterName = "redirect_uri";
    private String serverName;
    private String oauth2LoginUrl;
    private String oauth2LoginUrlh5;
    private String oauth2TokenUrl;
    private String oauth2ResourceUrl;
    private String clientId;
    private String clientSecret;
    private String getUserUrl;

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String safeGetParameter = CommonUtils.safeGetParameter(httpServletRequest, artifactParameterName);
            String startExternalAuthentication = ExternalAuthentication.startExternalAuthentication(httpServletRequest);
            if (safeGetParameter != null && !safeGetParameter.isEmpty()) {
                validateWechatTicket(httpServletRequest, httpServletResponse, safeGetParameter, startExternalAuthentication);
            } else {
                this.logger.debug("ticket is not set; initiating Wechat login redirect");
                startLoginRequest(httpServletRequest, httpServletResponse);
            }
        } catch (ExternalAuthenticationException e) {
            this.logger.warn("Error processing ShibWechat authentication request", e);
            loadErrorPage(httpServletRequest, httpServletResponse);
        } catch (Exception e2) {
            this.logger.error("Something unexpected happened", e2);
            httpServletRequest.setAttribute("authnError", "AuthenticationException");
        }
    }

    protected void startLoginRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String constructServiceUrl = constructServiceUrl(httpServletRequest, httpServletResponse);
            this.logger.debug("serviceUrl: {}", constructServiceUrl);
            String header = httpServletRequest.getHeader("user-agent");
            this.logger.debug("userAgent: {}", header);
            String constructRedirectUrl = constructRedirectUrl(constructServiceUrl, header);
            this.logger.debug("loginUrl: {}", constructRedirectUrl);
            httpServletResponse.sendRedirect(constructRedirectUrl);
        } catch (IOException e) {
            this.logger.error("Unable to redirect to Wechat from ShibCarsi");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r9v0, types: [cn.edu.carsi.idp.externalauth.ShibWechatAuthServlet] */
    private void validateWechatTicket(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        JSONObject jSONObject;
        String str3 = "";
        Map hashMap = new HashMap();
        String token = getToken();
        JSONObject parseObject = JSON.parseObject(httpGetUrl(this.oauth2ResourceUrl + "?access_token=" + token + "&code=" + str));
        this.logger.debug("validateWechatTicket: useridmap: {}", parseObject);
        String string = parseObject.getString("UserId");
        if (string != null) {
            str3 = string;
            JSONObject parseObject2 = JSON.parseObject(httpGetUrl(this.getUserUrl + "?access_token=" + token + "&userid=" + str3));
            this.logger.debug("validateWechatTicket: userinfomap: {}", parseObject2);
            if (parseObject2.containsKey("name") && parseObject2.getString("name").length() != 0) {
                hashMap.put("name", parseObject2.getString("name"));
            }
            if (parseObject2.containsKey("userid") && parseObject2.getString("userid").length() != 0) {
                hashMap.put("userid", parseObject2.getString("userid"));
            }
            if (parseObject2.containsKey("email") && parseObject2.getString("email").length() != 0) {
                hashMap.put("email", parseObject2.getString("email"));
            }
            if (parseObject2.containsKey("extattr") && (jSONObject = parseObject2.getJSONObject("extattr")) != null && jSONObject.containsKey("attrs")) {
                JSONArray jSONArray = jSONObject.getJSONArray("attrs");
                this.logger.debug(jSONArray.toJSONString());
                Iterator it = jSONArray.iterator();
                while (it.hasNext()) {
                    JSONObject jSONObject2 = (JSONObject) it.next();
                    String string2 = jSONObject2.getString("name");
                    String string3 = jSONObject2.getString("value");
                    if (string3.length() != 0) {
                        if (string2.equals("carsi_id")) {
                            hashMap.put("userid", string3);
                        } else if (string2.equals("carsi_af")) {
                            hashMap.put("carsi_af", string3);
                        }
                    }
                }
            }
            this.logger.debug("validateWechatTicket: attributes before plugin mapping: {}", hashMap);
            hashMap = mapAttrs(hashMap);
            this.logger.debug("validateWechatTicket: attributes after plugin mapping: {}", hashMap);
        }
        this.logger.info("Wechat user login succeed, username: {}.", str3);
        Collection<IdPAttributePrincipal> produceIdpAttributePrincipal = produceIdpAttributePrincipal(hashMap);
        if (produceIdpAttributePrincipal.isEmpty()) {
            httpServletRequest.setAttribute("principal_name", str3);
        } else {
            HashSet hashSet = new HashSet();
            hashSet.addAll(produceIdpAttributePrincipal);
            hashSet.add(new UsernamePrincipal(str3));
            httpServletRequest.setAttribute("subject", new Subject(false, hashSet, Collections.emptySet(), Collections.emptySet()));
        }
        httpServletRequest.setAttribute("doNotCache", "false");
        returnToIdP(str2, httpServletRequest, httpServletResponse, hashMap);
    }

    protected String constructServiceUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return CommonUtils.constructServiceUrl(httpServletRequest, httpServletResponse, (String) null, this.serverName, serviceParameterName, artifactParameterName, true);
    }

    private String constructRedirectUrl(String str, String str2) {
        boolean z = false;
        if (str2 == null) {
            z = false;
        } else if (str2.contains("wxwork")) {
            z = true;
        }
        this.logger.debug("isApp: {}", Boolean.valueOf(z));
        return CommonUtils.constructRedirectUrl(z ? this.oauth2LoginUrlh5 : this.oauth2LoginUrl, serviceParameterName, str, false, false, (String) null) + "#wechat_redirect";
    }

    private String getToken() {
        return JSON.parseObject(httpGetUrl(this.oauth2TokenUrl + "?corpid=" + this.clientId + "&corpsecret=" + this.clientSecret)).getString("access_token");
    }

    private Map<String, Object> mapAttrs(Map<String, Object> map) {
        return map;
    }

    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        parseProperties(((ApplicationContext) servletConfig.getServletContext().getAttribute(WebApplicationContext.ROOT_WEB_APPLICATION_CONTEXT_ATTRIBUTE)).getEnvironment());
    }

    protected void parseProperties(Environment environment) {
        this.logger.debug("reading properties from the idp.properties file");
        this.serverName = environment.getRequiredProperty("shibcarsi.serverName");
        this.logger.debug("shibcarsi.serverName: {}", this.serverName);
        this.oauth2LoginUrl = environment.getRequiredProperty("shibcarsi.wechat.oauth2LoginUrl");
        this.logger.debug("shibcarsi.wechat.oauth2LoginUrl: {}", this.oauth2LoginUrl);
        this.oauth2LoginUrlh5 = environment.getRequiredProperty("shibcarsi.wechat.oauth2LoginUrlh5");
        this.logger.debug("shibcarsi.wechat.oauth2LoginUrlh5: {}", this.oauth2LoginUrlh5);
        this.oauth2TokenUrl = environment.getRequiredProperty("shibcarsi.wechat.oauth2TokenUrl");
        this.logger.debug("shibcarsi.wechat.oauth2TokenUrl: {}", this.oauth2TokenUrl);
        this.oauth2ResourceUrl = environment.getRequiredProperty("shibcarsi.wechat.oauth2ResourceUrl");
        this.logger.debug("shibcarsi.wechat.oauth2ResourceUrl: {}", this.oauth2ResourceUrl);
        this.getUserUrl = environment.getRequiredProperty("shibcarsi.wechat.oauth2GetUserUrl");
        this.logger.debug("shibcarsi.wechat.oauth2GetUserUrl: {}", this.getUserUrl);
        this.clientId = environment.getRequiredProperty("shibcarsi.wechat.oauth2clientid");
        this.logger.debug("shibcarsi.wechat.oauth2clientid: {}", this.clientId);
        this.clientSecret = environment.getRequiredProperty("shibcarsi.wechat.oauth2clientsecret");
        this.logger.debug("shibcarsi.wechat.oauth2clientsecret: {}", this.clientSecret);
    }
}
