package kd.bos.eye.api.thirdauth;

import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import kd.bos.bundle.BosRes;
import kd.bos.eye.api.alarm.AlarmConfigHandler;
import kd.bos.eye.api.alarm.db.AlarmConfigDbHelper;
import kd.bos.eye.api.log.LogQueryUtils;
import kd.bos.eye.api.unifiedmetrics.prometheus.pojo.PromResponse;
import kd.bos.eye.auth.EyeAuther;
import kd.bos.eye.auth.SessionStore;
import kd.bos.eye.auth.third.DefaultTokenCheckPlugin;
import kd.bos.eye.config.EyeConfigKeys;
import kd.bos.eye.util.ApiResponse;
import kd.bos.eye.util.ExchangeVueUtils;
import kd.bos.instance.Instance;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.util.JSONUtils;
import kd.bos.util.StringUtils;

/* loaded from: input_file:kd/bos/eye/api/thirdauth/ThirdAuthHandler.class */
public class ThirdAuthHandler implements HttpHandler {
    private final Log logger = LogFactory.getLog(ThirdAuthHandler.class);
    public static final ThirdAuthHandler instance = new ThirdAuthHandler();
    private static final String HOME_URL = "/monitor/eye/#/thirdAuth";
    private static final String PLUGIN_PREFIX = "monitor.auth.plugin";
    private static final String URL_SUFFIX = "url";
    private static final String DEFAULT_PLUGIN = "default";

    public void handle(HttpExchange httpExchange) throws IOException {
        Map<String, String> parseParameters = ExchangeVueUtils.parseParameters(httpExchange);
        if (!parseParameters.containsKey(AuthRequestInfo.TOKEN) && EyeAuther.check(httpExchange)) {
            ApiResponse apiResponse = new ApiResponse();
            HashMap hashMap = new HashMap();
            hashMap.put("clusterName", Instance.getClusterName());
            hashMap.put("webPort", Integer.getInteger(EyeConfigKeys.KEY_HTTPSERVER_PORT));
            hashMap.put("circuitbreaker", System.getProperty("circuitbreaker.type", "nothing").toLowerCase());
            hashMap.put("traceType", System.getProperty("gov.trace.reporter.type", "sword").toLowerCase());
            apiResponse.setCode(0);
            apiResponse.setData(hashMap);
            apiResponse.setMsg(PromResponse.STATUS_SUCCESS);
            writeJson(JSONUtils.toString(apiResponse), httpExchange, EyeAuther.getToken(httpExchange));
            return;
        }
        AuthResponseInfo authResponseInfo = new AuthResponseInfo();
        AuthRequestInfo authRequestInfo = new AuthRequestInfo(parseParameters.get("user"), parseParameters.get(AuthRequestInfo.ROLE), parseParameters.get(AuthRequestInfo.SOURCE), parseParameters.get(AuthRequestInfo.TOKEN), parseParameters.get(AuthRequestInfo.CONTEXT));
        if (!authRequestInfo.isComplete()) {
            sendParamsError(authResponseInfo, httpExchange);
            return;
        }
        String property = System.getProperty("monitor.auth.plugin." + authRequestInfo.getSource(), DEFAULT_PLUGIN);
        if (!property.equals(DEFAULT_PLUGIN)) {
            try {
                if (!checkByThridPlugin(Class.forName(property), parseParameters)) {
                    sendCheckError(authResponseInfo, httpExchange);
                    return;
                }
            } catch (ClassNotFoundException e) {
                sendClassNotFoundError(authResponseInfo, httpExchange, e);
                return;
            }
        } else if (System.getProperty("monitor.auth.plugin." + authRequestInfo.getSource() + "." + URL_SUFFIX) == null) {
            sendAuthUrlError(authResponseInfo, httpExchange);
            return;
        } else if (!new DefaultTokenCheckPlugin().check(parseParameters)) {
            sendCheckError(authResponseInfo, httpExchange);
            return;
        }
        success(httpExchange, authRequestInfo);
    }

    private void sendParamsError(AuthResponseInfo authResponseInfo, HttpExchange httpExchange) throws IOException {
        authResponseInfo.setCode(AlarmConfigDbHelper.ONE_STR);
        authResponseInfo.setMessage(BosRes.get("bos-eye", "ThirdAuthHandler_0", "参数错误", new Object[0]));
        writeJson(JSONUtils.toString(authResponseInfo), httpExchange, null);
    }

    private void sendAuthUrlError(AuthResponseInfo authResponseInfo, HttpExchange httpExchange) throws IOException {
        authResponseInfo.setCode(AlarmConfigDbHelper.ONE_STR);
        authResponseInfo.setMessage(BosRes.get("bos-eye", "ThirdAuthHandler_1", "Token校验的HTTP接口未配置", new Object[0]));
        writeJson(JSONUtils.toString(authResponseInfo), httpExchange, null);
    }

    private void sendCheckError(AuthResponseInfo authResponseInfo, HttpExchange httpExchange) throws IOException {
        authResponseInfo.setCode(AlarmConfigDbHelper.ONE_STR);
        authResponseInfo.setMessage(BosRes.get("bos-eye", "ThirdAuthHandler_2", "Token校验失败", new Object[0]));
        writeJson(JSONUtils.toString(authResponseInfo), httpExchange, null);
    }

    private void sendClassNotFoundError(AuthResponseInfo authResponseInfo, HttpExchange httpExchange, Exception exc) throws IOException {
        authResponseInfo.setCode(AlarmConfigDbHelper.ONE_STR);
        authResponseInfo.setMessage(BosRes.get("bos-eye", "ThirdAuthHandler_3", "校验插件不存在", new Object[0]) + "Eeception: " + exc);
        writeJson(JSONUtils.toString(authResponseInfo), httpExchange, null);
    }

    private boolean checkByThridPlugin(Class<?> cls, Map<String, String> map) {
        boolean z = false;
        try {
            z = ((Boolean) cls.getMethod("check", Map.class).invoke(cls.newInstance(), map)).booleanValue();
        } catch (Exception e) {
            this.logger.error("Method invoke is fialed.", e);
        }
        return z;
    }

    protected void writeJson(String str, HttpExchange httpExchange, String str2) throws IOException {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        httpExchange.getResponseHeaders().set("Content-Type", "text/json; charset=UTF-8");
        httpExchange.sendResponseHeaders(202, bytes.length);
        if (StringUtils.isNotEmpty(str2)) {
            httpExchange.getResponseHeaders().add(EyeAuther.CSRF_TOKEN, EyeAuther.getCsrfToken(str2));
        }
        httpExchange.getResponseBody().write(bytes);
        httpExchange.close();
    }

    private void success(HttpExchange httpExchange, AuthRequestInfo authRequestInfo) throws IOException {
        writeSession(authRequestInfo);
        httpExchange.getResponseHeaders().add("Set-Cookie", EyeAuther.AUTH_TOKEN + "=" + authRequestInfo.getToken() + ";path=/");
        httpExchange.getResponseHeaders().add("Location", (StringUtils.isEmpty(authRequestInfo.getContext()) ? LogQueryUtils.EMPTY_STR : "/" + authRequestInfo.getContext()) + HOME_URL);
        httpExchange.sendResponseHeaders(302, -1L);
        httpExchange.close();
    }

    private void writeSession(AuthRequestInfo authRequestInfo) {
        HashMap hashMap = new HashMap();
        String randomWord = StringUtils.randomWord(32);
        hashMap.put("user", authRequestInfo.getUser());
        hashMap.put(AuthRequestInfo.ROLE, authRequestInfo.getRole());
        hashMap.put(AuthRequestInfo.SOURCE, authRequestInfo.getSource());
        hashMap.put(AuthRequestInfo.TOKEN, authRequestInfo.getToken());
        hashMap.put(EyeAuther.CSRF_TOKEN, randomWord);
        hashMap.put("logintype", "ierp");
        hashMap.put("isFirstLogin", AlarmConfigHandler.FALSE_STR);
        hashMap.put("isExpired", AlarmConfigHandler.FALSE_STR);
        SessionStore.get().store(authRequestInfo.getToken(), hashMap);
    }
}
