package com.seeyon.ctp.common.controller;

import com.seeyon.ctp.common.AppContext;
import com.seeyon.ctp.common.SystemEnvironment;
import com.seeyon.ctp.common.authenticate.domain.User;
import com.seeyon.ctp.common.constants.Constants;
import com.seeyon.ctp.common.exceptions.BusinessException;
import com.seeyon.ctp.util.BooleanBinder;
import com.seeyon.ctp.util.DateBinder;
import com.seeyon.ctp.util.NumberBinder;
import com.thoughtworks.xstream.XStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.validation.Validator;
import org.springframework.web.bind.ServletRequestDataBinder;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.mvc.multiaction.MultiActionController;
import org.springframework.web.servlet.mvc.multiaction.NoSuchRequestHandlingMethodException;

/* loaded from: input_file:com/seeyon/ctp/common/controller/BaseController.class */
public abstract class BaseController extends MultiActionController {
    // Sentinel strings; neither is referenced anywhere else in this class.
    public static final String REDIRECT_BACK = "-BACK-";
    public static final String DATA_NO_EXISTS = "NoExists";
    // Wildcard: recheck() treats a needlessClassMap method set containing "*" as matching every handler method.
    public static final String MATCH_ALL = "*";
    // Values compared against AccessPolicy.policy in afterCheck(). Only "reject" and "log" are
    // acted on there; POLICY_ALLOW is not referenced in this class.
    public static final String POLICY_ALLOW = "allow";
    public static final String POLICY_LOG = "log";
    public static final String POLICY_REJECT = "reject";
    // Per-instance flag set by initIfPossible() after both XML files were processed.
    // It is not volatile and is read outside the lock in initIfPossible().
    boolean configLoaded = false;
    // The three maps below are public, static, mutable and plain HashMaps. They are written by
    // loadConfig()/loadRuleConfig() under the lock taken in initIfPossible(), but read by
    // recheck()/afterCheck() without any lock.
    // NOTE(review): any code in the JVM can add entries to these maps and thereby widen the
    // login-free allow-list; consider making them private and unmodifiable after loading.
    // Bean id -> method names, from needless_check_login_recheck.xml.
    public static Map<String, Set<String>> needlessUrlMap = new HashMap();
    // Bean name -> the same method-name set, from needless_check_login_recheck.xml; recheck() looks it up by controller class name.
    public static Map<String, Set<String>> needlessClassMap = new HashMap();
    // Bean name -> weak-password policy, from weak_password_rule.xml; afterCheck() looks it up by controller class name.
    public static Map<String, AccessPolicy> rulePolicyMap = new HashMap();
    // Despite the name, recheck() uses this set to REJECT: an unauthenticated AjaxController request
    // whose "S" + "_" + "M" parameter pair is in this set is denied.
    private static final Set<String> WHITE_LIST = new HashSet(Arrays.asList("ajaxColManager_colDelLock", "ajaxEdocSummaryManager_deleteUpdateObj", "ajaxEdocManager_ajaxCheckNodeHasExchangeType", "ajaxEdocSummaryManager_deleteUpdateRecieveObj"));

    /* loaded from: input_file:com/seeyon/ctp/common/controller/BaseController$AccessPolicy.class */
    /**
     * Pairs a set of handler method names with the policy string that applies to them.
     * Instances are created by {@code loadRuleConfig()} and consulted by {@code afterCheck()}.
     */
    public static class AccessPolicy {
        /** Handler method names the policy applies to; the caller's set is stored as-is, not copied. */
        Set<String> methods;
        /** Policy string; {@code afterCheck()} compares it with {@code POLICY_REJECT} and {@code POLICY_LOG}. */
        String policy;

        /**
         * @param set handler method names covered by this policy
         * @param str policy string
         */
        AccessPolicy(Set<String> set, String str) {
            this.policy = str;
            this.methods = set;
        }
    }

    /* loaded from: input_file:com/seeyon/ctp/common/controller/BaseController$CtpView.class */
    /**
     * View that writes a fixed string to the response as UTF-8 HTML with caching disabled.
     *
     * <p>The content is written verbatim with no output encoding, so whoever builds the string
     * passed to {@code buildView} is responsible for HTML-escaping any request-derived data in it.
     */
    private static final class CtpView implements View {
        private static final String HTML_UTF8 = "text/html;charset=UTF-8";

        private final String content;

        private CtpView(String str) {
            this.content = str;
        }

        public String getContentType() {
            return HTML_UTF8;
        }

        public void render(Map<String, ?> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
            // Anti-caching headers first, then the content type, then the body.
            httpServletResponse.setHeader("Pragma", "No-cache");
            httpServletResponse.setHeader("Cache-Control", "no-cache");
            httpServletResponse.setDateHeader("Expires", 0L);
            httpServletResponse.setContentType(HTML_UTF8);
            PrintWriter out = httpServletResponse.getWriter();
            out.print(this.content);
        }
    }

    /* loaded from: input_file:com/seeyon/ctp/common/controller/BaseController$NeedlessLoginBean.class */
    /**
     * Bean bound to a {@code bean} element of {@code needless_check_login_recheck.xml}
     * (see the alias registered in {@code loadConfig()}).
     *
     * <p>{@code loadConfig()} uses {@code id} as the key of {@code needlessUrlMap} and
     * {@code name} as the key of {@code needlessClassMap}; {@code methods} becomes the value set.
     */
    public static class NeedlessLoginBean {
        String id;
        List<String> methods;
        String name;

        /** @return the bean id, or {@code null} if unset */
        public String getId() {
            return this.id;
        }

        public void setId(String str) {
            this.id = str;
        }

        /** @return the bean name, or {@code null} if unset */
        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        /** @return the method-name list exactly as stored (no defensive copy), or {@code null} if unset */
        public List<String> getMethods() {
            return this.methods;
        }

        public void setMethods(List<String> list) {
            this.methods = list;
        }
    }

    /* loaded from: input_file:com/seeyon/ctp/common/controller/BaseController$WeekPwdCheckBean.class */
    /**
     * Bean bound to a {@code rule} element of {@code weak_password_rule.xml}
     * (see the alias registered in {@code loadRuleConfig()}).
     *
     * <p>{@code loadRuleConfig()} keys {@code rulePolicyMap} by {@code name} and stores
     * {@code methods} and {@code policy} in an {@code AccessPolicy}.
     */
    public static class WeekPwdCheckBean {
        String id;
        List<String> methods;
        String name;
        String policy;

        /** @return the rule id, or {@code null} if unset */
        public String getId() {
            return this.id;
        }

        public void setId(String str) {
            this.id = str;
        }

        /** @return the rule name, or {@code null} if unset */
        public String getName() {
            return this.name;
        }

        public void setName(String str) {
            this.name = str;
        }

        /** @return the policy string, or {@code null} if unset */
        public String getPolicy() {
            return this.policy;
        }

        public void setPolicy(String str) {
            this.policy = str;
        }

        /** @return the method-name list exactly as stored (no defensive copy), or {@code null} if unset */
        public List<String> getMethods() {
            return this.methods;
        }

        public void setMethods(List<String> list) {
            this.methods = list;
        }
    }

    /**
     * Default {@code index} handler; this base implementation produces no view.
     *
     * @return always {@code null}
     */
    public ModelAndView index(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        final ModelAndView noView = null;
        return noView;
    }

    /**
     * Writes a script tag that loads {@code /common/js/V3X.js} from under the application's context path.
     *
     * @param printWriter destination for the tag
     */
    protected void printV3XJS(PrintWriter printWriter) {
        String scriptTag = "<script type=\"text/javascript\" charset=\"UTF-8\" src=\""
                + SystemEnvironment.getContextPath()
                + "/common/js/V3X.js\"></script>";
        printWriter.println(scriptTag);
    }

    /**
     * Sets the response content type to UTF-8 HTML and writes the V3X.js script tag to it.
     *
     * @throws IOException if the response writer cannot be obtained
     */
    protected void printV3XJS(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType("text/html;charset=UTF-8");
        PrintWriter out = httpServletResponse.getWriter();
        printV3XJS(out);
    }

    /**
     * Writes a script that shows {@code str} in an alert and then either closes the dialog window
     * (setting its return value to "true") or refreshes the parent frame.
     *
     * <p>The message is passed through {@code StringEscapeUtils.escapeEcmaScript} before it is
     * placed inside the JavaScript string literal. This method does not set the response content
     * type itself.
     *
     * @param str message to display
     */
    protected void infoCloseOrFresh(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws Exception {
        PrintWriter out = httpServletResponse.getWriter();
        printV3XJS(out);
        String escapedMessage = StringEscapeUtils.escapeEcmaScript(str);
        String[] scriptLines = {
            "<script>",
            "alert(\"" + escapedMessage + "\")",
            "if(window.dialogArguments){",
            "  window.returnValue = \"true\";",
            "  window.close();",
            "}else{",
            "  parent.getA8Top().reFlesh();",
            "}",
            Constants.DEFAULT_EMPTY_STRING,
            "</script>"
        };
        for (String line : scriptLines) {
            out.println(line);
        }
    }

    /**
     * Registers the project's property editors for {@code Date}, {@code Integer}, {@code Double},
     * {@code Long} and {@code Boolean} on the request data binder.
     *
     * <p>NOTE(review): only editors are registered here; no allowed or disallowed field list is
     * set on the binder in this method. Confirm that field restrictions for command objects bound
     * from request parameters are applied elsewhere. The meaning of the {@code true} flag passed
     * to each binder is not visible in this file.
     */
    protected void initBinder(HttpServletRequest httpServletRequest, ServletRequestDataBinder servletRequestDataBinder) throws Exception {
        final ServletRequestDataBinder binder = servletRequestDataBinder;
        binder.registerCustomEditor(Date.class, new DateBinder(true));
        // Numeric wrappers share NumberBinder, parameterised by the target class.
        binder.registerCustomEditor(Integer.class, new NumberBinder(Integer.class, true));
        binder.registerCustomEditor(Double.class, new NumberBinder(Double.class, true));
        binder.registerCustomEditor(Long.class, new NumberBinder(Long.class, true));
        binder.registerCustomEditor(Boolean.class, new BooleanBinder(true));
    }

    /**
     * Extension hook with an empty body in this base class; subclasses may override it.
     */
    protected void preBind(HttpServletRequest httpServletRequest, Object obj, ServletRequestDataBinder servletRequestDataBinder) throws Exception {
        // Intentionally empty.
    }

    /**
     * Derives the command name from the object's simple class name with its first letter lower-cased.
     *
     * @param obj command object; must not be {@code null}
     * @return the uncapitalised simple class name
     */
    protected String getCommandName(Object obj) {
        String simpleName = obj.getClass().getSimpleName();
        return StringUtils.uncapitalize(simpleName);
    }

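    /**
     * Appends a validator to this controller's validator array.
     *
     * <p>The previous body called {@code ArrayUtils.add(getValidators(), validator)} and discarded
     * the returned array, so the validator was never registered. The new array is now built
     * explicitly as {@code Validator[]} and installed with {@code setValidators}.
     *
     * @param validator validator to add; {@code null} is ignored
     */
    protected void addValidator(Validator validator) {
        if (validator == null) {
            // A null entry would only fail later during binding; keep this call a no-op instead.
            return;
        }
        Validator[] existing = getValidators();
        int count = existing == null ? 0 : existing.length;
        // Allocate with component type Validator so later additions of other implementations fit.
        Validator[] updated = new Validator[count + 1];
        if (count > 0) {
            System.arraycopy(existing, 0, updated, 0, count);
        }
        updated[count] = validator;
        setValidators(updated);
    }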

    /**
     * Writes {@code str} to the response and closes the writer. Despite the method name, the
     * content type is set to {@code application/json;charset=UTF-8}.
     *
     * <p>The string is written verbatim; no encoding is applied here.
     *
     * @throws IOException if the response writer cannot be obtained
     */
    protected void rendText(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        PrintWriter out = httpServletResponse.getWriter();
        out.write(str);
        out.close();
    }

    /**
     * Writes {@code str} to the response as UTF-8 HTML and closes the writer.
     *
     * <p>The string is written verbatim with no HTML escaping, so callers must encode any
     * request-derived data before passing it in.
     *
     * @throws IOException if the response writer cannot be obtained
     */
    protected void rendHtml(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setContentType("text/html;charset=UTF-8");
        PrintWriter out = httpServletResponse.getWriter();
        out.write(str);
        out.close();
    }

    /**
     * Wraps {@code str} in a script element, writes it as UTF-8 HTML and closes the writer.
     *
     * <p>The script body is written verbatim; callers must JavaScript-encode any request-derived
     * data they embed in it.
     *
     * @throws IOException if the response writer cannot be obtained
     */
    protected void rendJavaScript(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setContentType("text/html;charset=UTF-8");
        PrintWriter out = httpServletResponse.getWriter();
        String[] parts = {"<script type=\"text/javascript\">", str, "</script>"};
        for (String part : parts) {
            out.println(part);
        }
        out.close();
    }

    /**
     * Same output as {@code rendJavaScript}, but the writer is flushed rather than closed so the
     * caller can keep writing to the response.
     *
     * <p>The script body is written verbatim; callers must JavaScript-encode any request-derived
     * data they embed in it.
     *
     * @throws IOException if the response writer cannot be obtained
     */
    protected void rendJavaScriptUnclose(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setContentType("text/html;charset=UTF-8");
        PrintWriter out = httpServletResponse.getWriter();
        String[] parts = {"<script type=\"text/javascript\">", str, "</script>"};
        for (String part : parts) {
            out.println(part);
        }
        out.flush();
    }

    /**
     * Builds a model for the {@code common/redirect} view with {@code str} as {@code redirectURL}.
     *
     * <p>The URL is handed to the view unchanged. NOTE(review): if callers derive it from request
     * input, they need to validate the target before calling this method.
     */
    protected ModelAndView redirectModelAndView(String str) {
        ModelAndView result = new ModelAndView("common/redirect");
        result.addObject("redirectURL", str);
        return result;
    }

    /**
     * Builds a model for the {@code common/redirect} view with {@code str} as {@code redirectURL}
     * and {@code str2} as {@code location}.
     *
     * <p>Both values are handed to the view unchanged. NOTE(review): if callers derive them from
     * request input, they need to validate them before calling this method.
     */
    protected ModelAndView redirectModelAndView(String str, String str2) {
        return new ModelAndView("common/redirect")
                .addObject("redirectURL", str)
                .addObject("location", str2);
    }

    /**
     * @return a model-less {@code ModelAndView} for the {@code common/refresh} view
     */
    protected ModelAndView refreshWorkspace() {
        ModelAndView refresh = new ModelAndView("common/refresh");
        return refresh;
    }

    /**
     * Builds a model for the {@code common/refreshWindow} view with {@code str} as {@code windowObj}.
     */
    protected ModelAndView refreshWindow(String str) {
        ModelAndView result = new ModelAndView("common/refreshWindow");
        result.addObject("windowObj", str);
        return result;
    }

    /**
     * Builds a model for the {@code common/refreshWindow} view with {@code str} as
     * {@code windowObj} and {@code str2} as {@code jsScript}.
     *
     * <p>NOTE(review): the attribute name suggests the view emits {@code jsScript} as script
     * code; confirm callers never pass request-derived text here without encoding.
     */
    protected ModelAndView refreshWindow(String str, String str2) {
        ModelAndView result = new ModelAndView("common/refreshWindow");
        result.addObject("windowObj", str);
        result.addObject("jsScript", str2);
        return result;
    }

    /* JADX INFO: Access modifiers changed from: protected */
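    /**
     * Marks the response as non-cacheable by setting {@code Cache-Control}, {@code Pragma} and
     * {@code Expires}.
     *
     * <p>The header name was previously misspelled as "Pragrma", so the HTTP/1.0
     * {@code Pragma: no-cache} directive was never actually sent.
     */
    public void noCache(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setDateHeader("Expires", 0L);
    }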

    /**
     * Wraps {@code str} in a {@code CtpView}, which writes it to the response as UTF-8 HTML.
     *
     * <p>The content is emitted verbatim, so callers must HTML-escape any request-derived data
     * before passing it in.
     */
    protected ModelAndView buildView(String str) {
        View rawHtmlView = new CtpView(str);
        return new ModelAndView(rawHtmlView);
    }

    /**
     * Wraps {@code str} in a {@code RedirectView} (a class from this package, not shown here).
     *
     * <p>NOTE(review): no validation of the target happens in this method; if callers derive it
     * from request input, they need to validate it first.
     */
    protected ModelAndView redirect(String str) {
        RedirectView target = new RedirectView(str);
        return new ModelAndView(target);
    }

    /**
     * Wraps {@code str} in a {@code ForwardView} (a class from this package, not shown here).
     *
     * <p>NOTE(review): no validation of the target happens in this method; confirm callers never
     * pass request-derived paths, since a server-side forward may not pass through the same
     * access checks as an external request.
     */
    protected ModelAndView forward(String str) {
        ForwardView target = new ForwardView(str);
        return new ModelAndView(target);
    }

    /**
     * Resolves the handler method name for the request, gates it with {@code recheck}, invokes
     * the handler, and then applies the weak-password policy through {@code afterCheck}.
     *
     * <p>Both rejections are logged through {@code logAccessReject} and surface as a
     * {@code BusinessException} with code {@code invalid_resource_code}.
     *
     * @return the handler's {@code ModelAndView}, or the result of
     *         {@code handleNoSuchRequestHandlingMethod} when no handler method matches
     * @throws Exception a {@code BusinessException} on rejection, or whatever the handler throws
     */
    protected ModelAndView handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        try {
            String handlerMethodName = getMethodNameResolver().getHandlerMethodName(httpServletRequest);
            // Pre-invocation gate: the handler is not called when recheck() returns false.
            if (!recheck(handlerMethodName, httpServletRequest)) {
                logAccessReject(httpServletRequest);
                BusinessException businessException = new BusinessException("NeedLess check login failed,Access Forbidden ");
                businessException.setCode("invalid_resource_code");
                throw businessException;
            }
            ModelAndView invokeNamedMethod = invokeNamedMethod(handlerMethodName, httpServletRequest, httpServletResponse);
            // Post-invocation check: the handler has already run at this point, so a "reject"
            // outcome only withholds the returned view. Any side effects the handler performed
            // (and anything it already wrote to the response) are not undone.
            // NOTE(review): confirm this ordering is intended for every controller listed in
            // weak_password_rule.xml, not only for handlers that set the session attribute
            // afterCheck() reads.
            if (afterCheck(handlerMethodName, httpServletRequest)) {
                return invokeNamedMethod;
            }
            logAccessReject(httpServletRequest);
            BusinessException businessException2 = new BusinessException("Your Password is too weak!!!!!!!!!!!!!!");
            businessException2.setCode("invalid_resource_code");
            throw businessException2;
        } catch (NoSuchRequestHandlingMethodException e) {
            return handleNoSuchRequestHandlingMethod(e, httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Applies the weak-password policy configured for this controller class and handler method.
     *
     * <p>The check fails open: it returns {@code true} when there is no session, no matching
     * rule, no usable strength value, or when any exception occurs. It returns {@code false}
     * only when the session's {@code login_validatePwdStrength} value parses to 1 or less and
     * the rule's policy is {@code POLICY_REJECT}.
     *
     * @param str resolved handler method name
     * @param httpServletRequest current request
     * @return {@code false} to reject the request, {@code true} otherwise
     */
    private boolean afterCheck(String str, HttpServletRequest httpServletRequest) {
        int i;
        try {
            // getSession(false) never creates a session; requests without one skip the check.
            HttpSession session = httpServletRequest.getSession(false);
            if (session == null) {
                return true;
            }
            initIfPossible();
            // Rules are keyed by the concrete controller class name.
            AccessPolicy accessPolicy = rulePolicyMap.get(getClass().getName());
            if (accessPolicy == null || !accessPolicy.methods.contains(str)) {
                return true;
            }
            String str2 = null;
            try {
                // String.valueOf(Object) returns the text "null" for a missing attribute, so str2
                // is only left null when getAttribute itself throws.
                str2 = String.valueOf(session.getAttribute("login_validatePwdStrength"));
            } catch (Exception e) {
            }
            if (str2 == null || str2.trim().length() == 0) {
                return true;
            }
            try {
                i = Integer.valueOf(str2).intValue();
            } catch (NumberFormatException e2) {
                // Non-numeric values, including the text "null" for a missing attribute, fall
                // back to 4, which passes the i > 1 test below.
                i = 4;
            }
            // Only values of 1 or less are treated as a weak password.
            if (i > 1) {
                return true;
            }
            User currentUser = AppContext.getCurrentUser();
            String remoteAddr = httpServletRequest.getRemoteAddr();
            String loginName = currentUser != null ? currentUser.getLoginName() : Constants.DEFAULT_EMPTY_STRING;
            if (POLICY_REJECT.equals(accessPolicy.policy)) {
                logWeak(accessPolicy.policy, loginName, remoteAddr);
                return false;
            }
            // Any policy other than "reject" or "log" passes without a log entry.
            if (!POLICY_LOG.equals(accessPolicy.policy)) {
                return true;
            }
            logWeak(accessPolicy.policy, loginName, remoteAddr);
            return true;
        } catch (Exception e3) {
            // Fail open: any failure above (including config loading in initIfPossible) lets the
            // request through, and nothing is logged.
            // NOTE(review): a "reject" policy is therefore silently bypassed on error; consider
            // at least logging here.
            return true;
        }
    }

    /**
     * Records a weak-password finding in the "login" log at INFO level.
     *
     * <p>The values are concatenated into the message as-is. NOTE(review): if login names can
     * contain line breaks, neutralise them before logging so entries cannot be forged.
     *
     * @param policy policy string that triggered the entry
     * @param loginName login name of the current user, or an empty string
     * @param remoteAddr remote address of the request
     */
    private void logWeak(String policy, String loginName, String remoteAddr) {
        String message = policy + "/Weak Password found for:" + loginName + ":" + remoteAddr;
        LogFactory.getLog("login").info(message);
    }

    /**
     * Records a rejected request (URI plus query string) in the "login" log at INFO level.
     *
     * <p>NOTE(review): the query string is logged verbatim and may carry session identifiers or
     * other secrets; confirm the "login" log is access-controlled, or redact sensitive parameters.
     */
    private void logAccessReject(HttpServletRequest request) {
        String message = "[Access Reject] ==>" + getQueryString(request);
        LogFactory.getLog("login").info(message);
    }

    /**
     * No-op; the body is empty and nothing in this class calls it.
     */
    private void logAccessURL(HttpServletRequest request) {
        // Intentionally empty.
    }

    /**
     * Joins the request URI and the query string with {@code '?'}.
     *
     * @return {@code requestURI + "?" + queryString}; a request without a query string yields
     *         the literal suffix {@code "?null"}
     */
    private String getQueryString(HttpServletRequest request) {
        String path = request.getRequestURI();
        String query = request.getQueryString();
        return path + "?" + query;
    }

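    /**
     * Loads both XML configuration files once per controller instance.
     *
     * <p>{@code configLoaded} is an instance field while the maps being filled are static, so
     * every controller instance still loads the files once. The flag is not volatile, so the
     * unlocked read below is only a fast path. It is therefore re-checked after the lock is
     * acquired; without that, threads racing on the same instance could each reload the files
     * and rewrite the shared maps.
     *
     * <p>NOTE(review): {@code recheck()} and {@code afterCheck()} read those static HashMaps
     * without holding this lock, so a load triggered by another instance can still overlap with
     * reads.
     */
    private void initIfPossible() {
        if (this.configLoaded) {
            return;
        }
        synchronized (MultiActionController.class) {
            // Re-check under the lock: another thread may have finished loading while this one waited.
            if (this.configLoaded) {
                return;
            }
            loadConfig();
            loadRuleConfig();
            this.configLoaded = true;
        }
    }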

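    /**
     * Returns the request path relative to the context path, with everything from the first
     * {@code ';'} (path parameters) removed.
     *
     * <p>The value comes from {@code getRequestURI()} and is not URL-decoded here; callers that
     * compare it with fixed paths must handle percent-encoding themselves, as {@code recheck()}
     * does.
     *
     * @param httpServletRequest current request
     * @return the context-relative path without path parameters
     * @throws BusinessException if the request URI contains two or more consecutive slashes
     * @throws StringIndexOutOfBoundsException if the first {@code ';'} lies inside the context
     *         path prefix (unchanged from the original behaviour)
     */
    public String getUri(HttpServletRequest httpServletRequest) throws BusinessException {
        String requestURI = httpServletRequest.getRequestURI();
        // Plain substring test instead of matches(".*?/{2,}.*?"). In that regex '.' does not match
        // line terminators, so a URI containing one could carry "//" past the check, and the
        // pattern also backtracks needlessly on long inputs.
        if (requestURI.contains("//")) {
            throw new BusinessException("url格式错误有超过2个以上的'/'" + requestURI);
        }
        int semicolon = requestURI.indexOf(';');
        int end = semicolon == -1 ? requestURI.length() : semicolon;
        return requestURI.substring(httpServletRequest.getContextPath().length(), end);
    }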

    /**
     * Secondary access gate that {@code handleRequestInternal} runs before invoking the handler.
     *
     * <p>Returns {@code false} only in the specific cases coded below. Every other request,
     * including several unauthenticated paths, returns {@code true}. NOTE(review): this reads as
     * a re-check layered on a primary login filter that is not visible in this file; confirm that
     * filter exists and covers every controller before relying on this method as the only gate.
     *
     * @param str resolved handler method name
     * @param httpServletRequest current request
     * @return {@code true} to let the handler run, {@code false} to reject the request
     */
    protected boolean recheck(String str, HttpServletRequest httpServletRequest) {
        User currentUser = AppContext.getCurrentUser();
        initIfPossible();
        String name = getClass().getName();
        String requestURI = httpServletRequest.getRequestURI();
        if ("com.seeyon.ctp.common.service.AjaxController".equals(name)) {
            // URL shape check for AjaxController. getUri() strips the context path and path
            // parameters and rejects "//". The decode comparison rejects any path that changes
            // under URL-decoding (percent-escapes or '+'). The result must be exactly "/ajax.do".
            // Any exception rejects the request (fails closed).
            try {
                String uri = getUri(httpServletRequest);
                if (!uri.equals(URLDecoder.decode(uri, "UTF-8"))) {
                    return false;
                }
                if (!"/ajax.do".equals(uri)) {
                    return false;
                }
            } catch (Exception e) {
                return false;
            }
        }
        // The endsWith test uses the raw request URI, not the normalised value computed above.
        if (requestURI.endsWith("ajax.do") || "com.seeyon.ctp.common.service.AjaxController".equals(name)) {
            String parameter = httpServletRequest.getParameter("managerName");
            // A missing or blank managerName is allowed through here regardless of login state.
            // NOTE(review): confirm the handler itself rejects such requests.
            if (parameter == null || parameter.trim().equals(Constants.DEFAULT_EMPTY_STRING)) {
                return true;
            }
            // formulaManager requires a logged-in, non-guest user.
            if ("formulaManager".equals(parameter.trim()) && (currentUser == null || currentUser.isGuest().booleanValue())) {
                return false;
            }
        } else if ("com.seeyon.ctp.common.fileupload.FileUploadController".equals(name) && (("processUpload".equals(str) || "processUploadH5".equals(str)) && (currentUser == null || currentUser.isGuest().booleanValue()))) {
            // The two upload handlers require a logged-in, non-guest user.
            return false;
        }
        // Any user object passes from here on; isGuest() is not consulted on this path.
        if (currentUser != null) {
            return true;
        }
        // Below this point there is no current user.
        // isInNeedlessCheckList() is a substring match of the configured ids against the raw URI.
        if (isInNeedlessCheckList(requestURI)) {
            // The URI matched a login-free id: the controller class must also be registered,
            // with either "*" or this exact handler method, otherwise the request is rejected.
            Set<String> set = needlessClassMap.get(name);
            if (set == null) {
                return false;
            }
            return set.contains(MATCH_ALL) || set.contains(str);
        }
        // Fails open: an unauthenticated request to any controller other than AjaxController
        // whose URI matched no login-free id is allowed, as is an AjaxController call whose
        // managerName/managerMethod pair is configured as login-free.
        // NOTE(review): the non-Ajax case depends entirely on an upstream login check; verify it.
        if (!"com.seeyon.ctp.common.service.AjaxController".equals(name) || isInNeedlessCheckAjax(httpServletRequest.getParameter("managerName"), httpServletRequest.getParameter("managerMethod"))) {
            return true;
        }
        String parameter2 = httpServletRequest.getParameter("S");
        String parameter3 = httpServletRequest.getParameter("M");
        // Remaining unauthenticated AjaxController calls are rejected only when both S and M are
        // present and "S_M" is in WHITE_LIST; here the set acts as a deny list. All other
        // combinations are allowed.
        return parameter2 == null || parameter3 == null || !WHITE_LIST.contains(new StringBuilder().append(parameter2).append("_").append(parameter3).toString());
    }

    /**
     * Tells whether a manager method is configured as callable without login.
     *
     * @param managerName key looked up in {@code needlessUrlMap}
     * @param managerMethod method name that must be in the key's set
     * @return {@code true} only when the key exists and its set contains the method
     */
    private boolean isInNeedlessCheckAjax(String managerName, String managerMethod) {
        Set<String> loginFreeMethods = needlessUrlMap.get(managerName);
        return loginFreeMethods != null && loginFreeMethods.contains(managerMethod);
    }

    /**
     * Tells whether the given URI contains any key of {@code needlessUrlMap} as a substring.
     *
     * <p>NOTE(review): this is an unanchored substring match, so a configured id appearing
     * anywhere in the URI counts as a match. {@code recheck()} passes the raw request URI.
     *
     * @param requestUri URI to test
     * @return {@code true} if at least one configured id occurs in {@code requestUri}
     */
    private boolean isInNeedlessCheckList(String requestUri) {
        for (String configuredId : needlessUrlMap.keySet()) {
            if (requestUri.contains(configuredId)) {
                return true;
            }
        }
        return false;
    }

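    /**
     * Reads {@code needless_check_login_recheck.xml} from the classpath and fills the login-free
     * allow-lists: {@code needlessUrlMap} keyed by bean id and {@code needlessClassMap} keyed by
     * bean name. Both maps receive the same method-name set instance.
     *
     * <p>Changes from the previous body: the resource stream is now closed, and failures while
     * applying the XStream type restrictions are logged instead of being dropped silently. If
     * those calls fail, the file is still parsed, but without the intended allow-list.
     */
    private void loadConfig() {
        XStream xStream = new XStream();
        try {
            XStream.setupDefaultSecurity(xStream);
        } catch (Exception e) {
            this.logger.warn("XStream default security setup failed for needless_check_login_recheck.xml", e);
        }
        try {
            xStream.allowTypes(new Class[]{NeedlessLoginBean.class});
        } catch (Throwable th) {
            // Throwable is kept as in the original, presumably to tolerate XStream versions
            // without allowTypes. The failure is now logged rather than hidden.
            this.logger.warn("XStream type allow-list could not be applied for needless_check_login_recheck.xml", th);
        }
        xStream.aliasType("bean", NeedlessLoginBean.class);
        xStream.aliasType("beans", ArrayList.class);
        xStream.aliasType("method", String.class);
        java.io.InputStream in = null;
        try {
            in = new ClassPathResource("needless_check_login_recheck.xml").getInputStream();
            for (Object entry : (List<?>) xStream.fromXML(in)) {
                NeedlessLoginBean bean = (NeedlessLoginBean) entry;
                // Entries without an id or a method list are skipped.
                if (bean.getId() == null || bean.getMethods() == null) {
                    continue;
                }
                Set<String> methods = new HashSet<String>(bean.getMethods());
                needlessUrlMap.put(bean.getId(), methods);
                if (bean.getName() != null) {
                    needlessClassMap.put(bean.getName(), methods);
                }
            }
        } catch (IOException e2) {
            this.logger.error("MultiActionController process needless_check_login_recheck.xml  failed", e2);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if closing a classpath resource fails.
                }
            }
        }
    }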

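    /**
     * Reads {@code weak_password_rule.xml} from the classpath and fills {@code rulePolicyMap},
     * keyed by rule name, with the rule's method set and policy string.
     *
     * <p>Changes from the previous body: the resource stream is now closed, and failures while
     * applying the XStream type restrictions are logged instead of being dropped silently. If
     * those calls fail, the file is still parsed, but without the intended allow-list.
     */
    private void loadRuleConfig() {
        XStream xStream = new XStream();
        try {
            XStream.setupDefaultSecurity(xStream);
        } catch (Exception e) {
            this.logger.warn("XStream default security setup failed for weak_password_rule.xml", e);
        }
        try {
            xStream.allowTypes(new Class[]{WeekPwdCheckBean.class});
        } catch (Throwable th) {
            // Throwable is kept as in the original, presumably to tolerate XStream versions
            // without allowTypes. The failure is now logged rather than hidden.
            this.logger.warn("XStream type allow-list could not be applied for weak_password_rule.xml", th);
        }
        xStream.aliasType("rule", WeekPwdCheckBean.class);
        xStream.aliasType("rules", ArrayList.class);
        xStream.aliasType("method", String.class);
        java.io.InputStream in = null;
        try {
            in = new ClassPathResource("weak_password_rule.xml").getInputStream();
            for (Object entry : (List<?>) xStream.fromXML(in)) {
                WeekPwdCheckBean rule = (WeekPwdCheckBean) entry;
                // The guard tests the id, but the map is keyed by the name (as in the original).
                // A rule with an id and no name is stored under a null key, which afterCheck()
                // never looks up.
                if (rule.getId() == null || rule.getMethods() == null) {
                    continue;
                }
                Set<String> methods = new HashSet<String>(rule.getMethods());
                rulePolicyMap.put(rule.getName(), new AccessPolicy(methods, rule.getPolicy()));
            }
        } catch (IOException e2) {
            this.logger.error("MultiActionController process weak_password_rule.xml  failed", e2);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done if closing a classpath resource fails.
                }
            }
        }
    }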
}
