package com.datacloudsec.scan.handler;

import com.datacloudsec.exception.UEException;
import com.datacloudsec.scan.entity.User;
import com.datacloudsec.scan.service.IConfig;
import com.datacloudsec.scan.service.IUser;
import com.datacloudsec.scan.service.impl.ConfigService;
import com.datacloudsec.scan.service.impl.UserService;
import com.datacloudsec.scan.tasks.InitSystemTask;
import com.datacloudsec.utils.AES256Util;
import com.datacloudsec.utils.BASE64Util;
import com.datacloudsec.utils.InstanceUtil;
import com.datacloudsec.utils.JsonUtil;
import com.datacloudsec.utils.ObjectUtil;
import com.datacloudsec.utils.SecretUtil;
import java.io.BufferedReader;
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/datacloudsec/scan/handler/AuthServlet.class */
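/**
 * Servlet that serves four actions, selected by the last path segment of the request URI:
 * {@code add_device}, {@code add_ID}, {@code login} and {@code fill}.
 *
 * <p>Together they form a token handshake with a remote peer: {@code add_device} checks a
 * token derived from a per-user secret and records the peer's timestamp and user,
 * {@code add_ID} derives an access token from that state and stores device and syslog
 * settings, {@code login} opens a session for the bound user, and {@code fill} with the
 * {@code delete} command clears the binding.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Secrets, derived keys and tokens are never written to the log.</li>
 *   <li>Token and password comparisons use {@link MessageDigest#isEqual(byte[], byte[])}
 *       so the comparison time does not depend on the first differing character.</li>
 *   <li>Every action refuses to run when the stored state it derives its expected token
 *       from is empty; otherwise the expected value would not depend on any secret.</li>
 *   <li>NOTE(review): the request timestamp is folded into the tokens but is never compared
 *       with the local clock in this class, so a captured request is not rejected for age.</li>
 *   <li>NOTE(review): {@code <user>_pwd} is read from configuration as a plaintext value
 *       and falls back to a hard-coded default (see {@link #DEFAULT_USER_SECRET}).</li>
 * </ul>
 */
public class AuthServlet extends HttpServlet {
    private static final long serialVersionUID = 1;
    private static final Logger LOG = Logger.getLogger(AuthServlet.class);
    private IConfig configService = (IConfig) InstanceUtil.newServiceInstance(ConfigService.class);
    private IUser userService = (IUser) InstanceUtil.newServiceInstance(UserService.class);
    private static final int ZAWS_SUCCESS = 100;
    private static final int ZAWS_FAIL = 200;
    private static final int ZAWS_DEV_DEL_FAIL = 202;

    /** Content type sent with every JSON reply. */
    private static final String JSON_CONTENT_TYPE = "application/json; charset=UTF-8";

    /**
     * Fallback used when no {@code <user>_pwd} entry exists in configuration.
     *
     * <p>NOTE(review): this is a fixed, publicly visible default credential. It is kept only
     * because removing it may break existing deployments; provisioning should set an explicit
     * per-user secret and this fallback should then be removed.
     */
    private static final String DEFAULT_USER_SECRET = "123456";

    /**
     * Builds the reply envelope shared by all actions.
     *
     * @param i    result code ({@code ZAWS_*})
     * @param str  human-readable message
     * @param j    timestamp placed in the reply
     * @param str2 reply token, or an empty string when there is none
     * @return a map with the keys {@code result}, {@code message}, {@code timestamp}, {@code token}
     */
    private Map<String, Object> resultMap(int i, String str, long j, String str2) throws Exception {
        Map<String, Object> envelope = new HashMap<String, Object>();
        envelope.put("result", Integer.valueOf(i));
        envelope.put("message", str);
        envelope.put("timestamp", Long.valueOf(j));
        envelope.put("token", str2);
        return envelope;
    }

    /**
     * Serializes a reply, logs it with the token redacted, and writes it to the response.
     *
     * <p>The content type is set before the body is written; headers set after the response
     * has been committed are ignored by the container.
     */
    private void writeResult(HttpServletResponse response, int code, String message, long timestamp, String token) throws Exception {
        byte[] payload = JsonUtil.MAPPER_ESCAPE_HTML.writeValueAsBytes(resultMap(code, message, timestamp, token));
        boolean carriesToken = token != null && !token.isEmpty();
        // Log the serialized form (so control characters stay escaped) but never the token itself.
        byte[] loggable = carriesToken
                ? JsonUtil.MAPPER_ESCAPE_HTML.writeValueAsBytes(resultMap(code, message, timestamp, "<redacted>"))
                : payload;
        String logLine = new String(loggable, StandardCharsets.UTF_8);
        if (code == ZAWS_SUCCESS) {
            LOG.info(logLine);
        } else {
            LOG.error(logLine);
        }
        response.setContentType(JSON_CONTENT_TYPE);
        response.getOutputStream().write(payload);
    }

    /** Returns the encoded SHA-256 digest of {@code input}, as used by every token in this class. */
    private static String sha256Base64(String input) throws Exception {
        return BASE64Util.encodeByte(SecretUtil.digestSha1Byte(input, SecretUtil.SHA256));
    }

    /**
     * Compares a presented token with the expected one without an early exit.
     *
     * <p>Matching stays case-insensitive for compatibility with the existing peer.
     * NOTE(review): an encoded digest is case-sensitive, so exact matching would be stricter;
     * switch to it once the peer is confirmed to send the token unchanged.
     */
    private static boolean tokenMatches(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        byte[] left = presented.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] right = expected.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(left, right);
    }

    /** Exact, constant-time comparison of two secret strings; {@code null} never matches. */
    private static boolean secretEquals(String candidate, String expected) {
        if (candidate == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(candidate.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Checks the product license.
     *
     * @return {@code null} when the license is valid, otherwise the message to show the caller
     */
    private String validateLic(HttpServletRequest httpServletRequest) {
        int code = InitSystemTask.licenseApp.valudate();
        if (code == 0) {
            return null;
        }
        String message;
        switch (code) {
            case 2:
                message = "许可文件未找到";
                break;
            case 3:
                message = "许可文件格式错误";
                break;
            case 6:
                message = "许可授权时间错误";
                break;
            case 7:
                message = "许可产品码错误";
                break;
            case 8:
                message = "许可使用次数已用完";
                break;
            case 10:
                message = "许可非授权给当前机器";
                break;
            default:
                message = "许可授权不正确，请联系技术人员";
                break;
        }
        LOG.error("许可验证未通过，code = " + code);
        return message;
    }

    /**
     * Handles GET exactly like POST.
     *
     * <p>NOTE(review): this lets {@code login} receive {@code enpasswd} in the query string,
     * where it can end up in access logs and browser history.
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Rejects the request when the license check fails, otherwise dispatches on the last
     * path segment. Unknown actions produce no reply body.
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String licenseError = validateLic(httpServletRequest);
        if (licenseError != null) {
            httpServletRequest.setAttribute("err", licenseError);
            try {
                writeResult(httpServletResponse, ZAWS_FAIL, licenseError, System.currentTimeMillis(), "");
            } catch (Exception e) {
                LOG.error("", e);
            }
            return;
        }
        String uri = httpServletRequest.getRequestURI();
        String action = uri.substring(uri.lastIndexOf("/") + 1);
        switch (action) {
            case "add_ID":
                add_ID(httpServletRequest, httpServletResponse);
                break;
            case "fill":
                fill(httpServletRequest, httpServletResponse);
                break;
            case "login":
                login(httpServletRequest, httpServletResponse);
                break;
            case "add_device":
                add_device(httpServletRequest, httpServletResponse);
                break;
            default:
                break;
        }
    }

    /**
     * Reads the request body and parses it as a JSON object.
     *
     * <p>Only the body length is logged: the body carries tokens and, for {@code add_ID},
     * the syslog password.
     * NOTE(review): the body is read without a size limit before any authentication.
     *
     * @throws UEException when the body is blank or parses to JSON {@code null}
     */
    private Map<String, Object> getParams(HttpServletRequest httpServletRequest) throws Exception {
        BufferedReader reader = httpServletRequest.getReader();
        StringBuilder body = new StringBuilder();
        String line;
        while ((line = reader.readLine()) != null) {
            body.append(line);
        }
        String json = body.toString();
        LOG.debug("请求参数长度：" + json.length());
        if (StringUtils.isBlank(json)) {
            throw new UEException("参数不能为空");
        }
        @SuppressWarnings("unchecked")
        Map<String, Object> parsed = (Map<String, Object>) JsonUtil.MAPPER_ESCAPE_HTML.readValue(json, Map.class);
        if (parsed == null) {
            throw new UEException("参数不能为空");
        }
        return parsed;
    }

    /**
     * First handshake step: verifies the peer's token for {@code user} and records the
     * peer timestamp, the local timestamp and the user name.
     *
     * <p>The expected token covers the peer timestamp, the user, the digest of the user's
     * secret and the request URL. NOTE(review): the "user does not exist" reply is sent
     * before the token is checked, so it reveals which user names exist.
     */
    private void add_device(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            Map<String, Object> params = getParams(httpServletRequest);
            String peerTimestamp = ObjectUtil.getString(params.get("timestamp"), "");
            String user = ObjectUtil.getString(params.get("user"), "");
            String presentedToken = ObjectUtil.getString(params.get("token"), "");
            if (StringUtils.isBlank(peerTimestamp) || StringUtils.isBlank(user) || StringUtils.isBlank(presentedToken)) {
                writeResult(httpServletResponse, ZAWS_FAIL, "参数不能为空", System.currentTimeMillis(), "");
                return;
            }
            if (this.userService.getUserByName(user) == null) {
                writeResult(httpServletResponse, ZAWS_FAIL, "用户【" + user + "】不存在", System.currentTimeMillis(), "");
                return;
            }
            String secret = this.configService.getValueByName(user + "_pwd", DEFAULT_USER_SECRET);
            String secretDigest = sha256Base64(secret);
            String expectedToken = sha256Base64(peerTimestamp + user + secretDigest + httpServletRequest.getRequestURL());
            if (!tokenMatches(presentedToken, expectedToken)) {
                writeResult(httpServletResponse, ZAWS_FAIL, "token验证失败：可能是token未进行URL Encode", System.currentTimeMillis(), "");
                return;
            }
            long now = System.currentTimeMillis();
            String replyToken = sha256Base64(String.valueOf(ZAWS_SUCCESS) + peerTimestamp + now + user + secretDigest);
            this.configService.setValue("timestamp_j", peerTimestamp);
            this.configService.setValue("timestamp_d", String.valueOf(now));
            this.configService.setValue("zavs_user", user);
            writeResult(httpServletResponse, ZAWS_SUCCESS, "验证成功", now, replyToken);
        } catch (Exception e) {
            LOG.error("", e);
        }
    }

    /**
     * Second handshake step: derives the access token from the state stored by
     * {@code add_device}, verifies the peer's token and stores device and syslog settings.
     *
     * <p>The verified token covers the timestamp, access token, {@code devID}, {@code heart}
     * and {@code logIP}. NOTE(review): {@code logUser}, {@code logPass} and {@code logTypeMap}
     * are stored but are not part of the verified token.
     */
    private void add_ID(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            Map<String, Object> params = getParams(httpServletRequest);
            String peerTimestamp = ObjectUtil.getString(params.get("timestamp"), "");
            String devId = ObjectUtil.getString(params.get("devID"), "");
            String heart = ObjectUtil.getString(params.get("heart"), "");
            String logUser = ObjectUtil.getString(params.get("logUser"), "");
            String logPass = ObjectUtil.getString(params.get("logPass"), "");
            String logIp = ObjectUtil.getString(params.get("logIP"), "");
            String logTypeMap = ObjectUtil.getString(params.get("logTypeMap"), "");
            String presentedToken = ObjectUtil.getString(params.get("token"), "");

            String boundTimestamp = this.configService.getValueByName("timestamp_j", "");
            String localTimestamp = this.configService.getValueByName("timestamp_d", "");
            String boundUser = this.configService.getValueByName("zavs_user", "");
            String secret = this.configService.getValueByName(boundUser + "_pwd", "");
            // Without a completed add_device step (or without a stored secret) the access token
            // would be derived from empty values only, so nothing secret would protect this action.
            if (StringUtils.isBlank(boundTimestamp) || StringUtils.isBlank(localTimestamp)
                    || StringUtils.isBlank(boundUser) || StringUtils.isBlank(secret)) {
                writeResult(httpServletResponse, ZAWS_FAIL, "token验证失败", System.currentTimeMillis(), "");
                return;
            }
            String accessToken = sha256Base64(boundTimestamp + localTimestamp + boundUser + sha256Base64(secret));
            String expectedToken = sha256Base64(peerTimestamp + accessToken + devId + heart + logIp);
            if (!tokenMatches(presentedToken, expectedToken)) {
                writeResult(httpServletResponse, ZAWS_FAIL, "token验证失败", System.currentTimeMillis(), "");
                return;
            }

            // Parse host[:port][/...] before writing anything, so a malformed value does not
            // leave a half-written binding behind.
            String syslogHost = null;
            String syslogPort = null;
            if (StringUtils.isNotBlank(logIp)) {
                String[] hostAndPort = logIp.split("/")[0].split(":");
                syslogHost = hostAndPort[0];
                syslogPort = hostAndPort.length == 2 ? hostAndPort[1] : "514";
            }

            this.configService.setValue("access_token", accessToken);
            this.configService.setValue("devID", devId);
            this.configService.setValue("heart", heart);
            if (syslogHost != null) {
                this.configService.setValue("syslog_ip", syslogHost);
                this.configService.setValue("syslog_port", syslogPort);
            }
            this.configService.setValue("syslog_user", logUser);
            this.configService.setValue("syslog_pwd", logPass);
            this.configService.setValue("logTypeMap", logTypeMap);
            writeResult(httpServletResponse, ZAWS_SUCCESS, "设备ID接收成功", System.currentTimeMillis(), "");
        } catch (Exception e) {
            LOG.error("", e);
        }
    }

    /**
     * Opens a session for the bound user when the decrypted {@code enpasswd} matches the
     * stored secret, then redirects to {@code /index.html}.
     *
     * <p>The request's {@code user} must be the bound {@code zavs_user}: the session is created
     * for the bound account, so checking the password of any other name would authenticate the
     * wrong principal. Login is also refused while no {@code devID} is stored, because the
     * decryption key is derived from it.
     *
     * <p>NOTE(review): {@code decryptECB} suggests ECB mode with no integrity check on
     * {@code enpasswd}, and the key is derived from {@code devID} alone — confirm whether
     * {@code devID} is treated as a secret. {@code getParameter} already URL-decodes once;
     * the extra decode is kept for compatibility with the existing peer.
     */
    private void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String user = ObjectUtil.getString(httpServletRequest.getParameter("user"), "");
            String encryptedPassword = URLDecoder.decode(ObjectUtil.getString(httpServletRequest.getParameter("enpasswd"), ""), "UTF-8");
            if (StringUtils.isBlank(user) || StringUtils.isBlank(encryptedPassword)) {
                writeResult(httpServletResponse, ZAWS_FAIL, "用户名或密码不能为空", System.currentTimeMillis(), "");
                return;
            }
            String boundUser = this.configService.getValueByName("zavs_user", "");
            User account = this.userService.getUserByName(boundUser);
            if (account == null) {
                writeResult(httpServletResponse, ZAWS_FAIL, "用户不存在", System.currentTimeMillis(), "");
                return;
            }
            String devId = this.configService.getValueByName("devID", "");
            if (StringUtils.isBlank(devId) || !user.equals(boundUser)) {
                writeResult(httpServletResponse, ZAWS_FAIL, "密码错误", System.currentTimeMillis(), "");
                return;
            }
            String expectedPassword = this.configService.getValueByName(user + "_pwd", DEFAULT_USER_SECRET);
            String decrypted = AES256Util.decryptECB(encryptedPassword, sha256Base64(devId));
            if (secretEquals(decrypted, expectedPassword)) {
                this.userService.loginInfo(httpServletRequest, account);
                httpServletResponse.sendRedirect("/index.html");
            } else {
                writeResult(httpServletResponse, ZAWS_FAIL, "密码错误", System.currentTimeMillis(), "");
            }
        } catch (Exception e) {
            LOG.error("", e);
        }
    }

    /**
     * Verifies a command token against the stored access token and, for the {@code delete}
     * command, clears the device binding and ends the current session.
     *
     * <p>Commands other than {@code delete} are verified but produce no reply body.
     */
    private void fill(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            Map<String, Object> params = getParams(httpServletRequest);
            String peerTimestamp = ObjectUtil.getString(params.get("timestamp"), "");
            String presentedToken = ObjectUtil.getString(params.get("token"), "");
            String command = ObjectUtil.getString(params.get("command"), "");
            String devId = ObjectUtil.getString(params.get("devID"), "");
            String accessToken = this.configService.getValueByName("access_token");
            // With no stored access token the expected value would depend on request fields only.
            if (StringUtils.isBlank(accessToken)) {
                writeResult(httpServletResponse, ZAWS_FAIL, "token验证失败", System.currentTimeMillis(), "");
                return;
            }
            String expectedToken = sha256Base64(accessToken + peerTimestamp + command + devId);
            if (!tokenMatches(presentedToken, expectedToken)) {
                writeResult(httpServletResponse, ZAWS_FAIL, "token验证失败", System.currentTimeMillis(), "");
                return;
            }
            if ("delete".equalsIgnoreCase(command)) {
                this.configService.setValue("access_token", "");
                this.configService.setValue("devID", "");
                this.configService.setValue("heart", "");
                this.configService.setValue("syslog_ip", "");
                this.configService.setValue("syslog_port", "");
                this.configService.setValue("syslog_user", "");
                this.configService.setValue("syslog_pwd", "");
                this.configService.setValue("logTypeMap", "");
                this.configService.setValue("timestamp", "");
                // add_device stores the handshake timestamps under these two keys; clear them
                // as well so no handshake state survives the unbinding.
                this.configService.setValue("timestamp_j", "");
                this.configService.setValue("timestamp_d", "");
                this.configService.setValue("zavs_user", "");
                this.userService.logout(httpServletRequest.getSession());
                // The reply timestamp is the peer's timestamp plus one.
                long replyTimestamp = ObjectUtil.getLong(peerTimestamp, 0L).longValue() + 1L;
                String replyToken = sha256Base64(accessToken + replyTimestamp + devId + ZAWS_SUCCESS);
                writeResult(httpServletResponse, ZAWS_SUCCESS, "删除成功", replyTimestamp, replyToken);
            }
        } catch (Exception e) {
            try {
                writeResult(httpServletResponse, ZAWS_DEV_DEL_FAIL, "设备删除失败", System.currentTimeMillis(), "");
            } catch (Exception e2) {
                // Best effort only: the failure reply could not be delivered.
                LOG.error("", e2);
            }
            LOG.error("", e);
        }
    }
}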
