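package shkd.plugin;

import java.io.IOException;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.login.thirdauth.ThirdSSOAuthHandler;
import kd.bos.login.thirdauth.UserAuthResult;
import kd.bos.login.thirdauth.UserProperType;
import kd.bos.login.utils.StringUtils;
import kd.bos.util.RevProxyUtil;
import org.jasig.cas.client.Protocol;
import org.jasig.cas.client.authentication.AuthenticationRedirectStrategy;
import org.jasig.cas.client.authentication.DefaultAuthenticationRedirectStrategy;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas10TicketValidator;

/**
 * Third-party SSO handler that delegates login to a CAS server over the CAS 1.0 protocol.
 *
 * <p>Unauthenticated users are redirected to the CAS login page by {@link #callTrdSSOLogin};
 * on return, {@link #getTrdSSOAuth} validates the service ticket carried in the request and
 * maps the asserted principal name onto a {@link UserAuthResult} of type {@code UserName}.
 *
 * <p>The CAS server login URL is read from the {@code cas.sso.ca10.loginurl} system property.
 * CAS 1.0 validation sends the ticket to the server in a plain HTTP request, so that URL is
 * expected to use {@code https}.
 *
 * <p>Thread-safety: the server name, service URL, login URL and ticket validator are lazily
 * initialised from the first request and then reused without synchronisation, as in the original
 * implementation. If one instance serves concurrent requests, confirm how the host instantiates
 * handlers before relying on this (TODO confirm).
 */
public class SSOLoginPugin implements ThirdSSOAuthHandler {

    private static final Log logger = LogFactory.getLog(SSOLoginPugin.class);

    /** System property holding the CAS server login URL. */
    private static final String LOGIN_URL_PROPERTY = "cas.sso.ca10.loginurl";

    /** Always {@link Protocol#CAS1}; fixes the {@code service}/{@code ticket} parameter names. */
    private final Protocol protocol;
    /** External base of this application, derived from the first request unless set explicitly. */
    private String serverName;
    /** Service URL registered with CAS; defaults to {@code serverName + "index.html"}. */
    private String service;
    private boolean encodeServiceUrl;
    /** CAS login URL, loaded lazily from {@link #LOGIN_URL_PROPERTY}. */
    private String casSeverLoginUrl;
    /** Built on first validation, once the login URL is known. */
    Cas10TicketValidator ticketValidator;
    private AuthenticationRedirectStrategy authenticationRedirectStrategy;

    /** Creates a handler using CAS 1.0, encoded service URLs and a plain HTTP redirect strategy. */
    public SSOLoginPugin() {
        this.protocol = Protocol.CAS1;
        this.encodeServiceUrl = true;
        this.authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy();
    }

    /**
     * Redirects a user who is not logged in to the correct CAS page.
     *
     * <p>Requests for {@code /auth/logout.do} are sent to the CAS logout endpoint; anything else is
     * sent to the CAS login endpoint with this application's service URL as the {@code service}
     * parameter. When no CAS login URL is configured the error is logged and no redirect is issued.
     * The {@code backUrl} argument is not used by this implementation.
     *
     * @param request  the current request
     * @param response the current response, used to issue the redirect
     * @param backUrl  ignored
     */
    @Override
    public void callTrdSSOLogin(HttpServletRequest request, HttpServletResponse response, String backUrl) {
        this.initialServiceData(request);
        if (!this.ensureCasLoginUrl()) {
            // A redirect built from a null base would send the browser to "null?service=...".
            return;
        }
        String urlToRedirectTo;
        if (request.getRequestURI().contains("/auth/logout.do")) {
            urlToRedirectTo = StringUtils.getPathString(this.casSeverLoginUrl)
                    + "logout?service=" + RevProxyUtil.getURLContextPath(request);
        } else {
            String serviceUrl = this.constructServiceUrl(request, response);
            logger.debug(String.format("Constructed service url: %s", serviceUrl));
            urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casSeverLoginUrl,
                    this.getProtocol().getServiceParameterName(), serviceUrl, false, false, (String) null);
        }
        logger.debug(String.format("redirecting to \"%s\"", urlToRedirectTo));
        try {
            this.authenticationRedirectStrategy.redirect(request, response, urlToRedirectTo);
        } catch (IOException e) {
            // The original printed the stack trace to stderr, bypassing the application log.
            logger.error("Redirect to CAS failed", e);
        }
    }

    /**
     * Reads the CAS login URL from the {@code cas.sso.ca10.loginurl} system property.
     *
     * @return the configured URL, or {@code null} (after logging an error) when it is not set
     */
    public String initCasLoginUrl() {
        String configLoginUrl = System.getProperty(LOGIN_URL_PROPERTY);
        if (configLoginUrl == null) {
            logger.error("没有配置 sso 登录cas.sso.ca10.loginurl");
        }
        return configLoginUrl;
    }

    /**
     * Lazily loads the CAS login URL.
     *
     * @return {@code true} when a login URL is available; {@code false} after the missing
     *         configuration has been logged
     */
    private boolean ensureCasLoginUrl() {
        if (this.casSeverLoginUrl == null) {
            this.casSeverLoginUrl = this.initCasLoginUrl();
        }
        return this.casSeverLoginUrl != null;
    }

    /**
     * Performs the third-party authentication and returns its outcome.
     *
     * <p>The result is unsuccessful when the request carries no ticket, when the CAS login URL is
     * not configured, or when the CAS server rejects the ticket (validation failures are logged and
     * do not propagate). On success the result's user is the CAS principal name, typed as
     * {@code UserProperType.UserName}.
     *
     * @param request  the request returning from the CAS login page
     * @param response the current response
     * @return the authentication outcome; never {@code null}
     */
    @Override
    public UserAuthResult getTrdSSOAuth(HttpServletRequest request, HttpServletResponse response) {
        UserAuthResult result = new UserAuthResult();
        result.setSucess(false);
        result.setUserType(UserProperType.UserName);
        this.initialServiceData(request);
        if (!this.ensureCasLoginUrl()) {
            // Cas10TicketValidator cannot be built without a server URL; report failure rather
            // than throwing from inside the validation block.
            return result;
        }
        String ticket = this.retrieveTicketFromRequest(request);
        if (CommonUtils.isBlank(ticket)) {
            return result;
        }
        try {
            // The ticket is a one-time credential: record that validation is attempted, not its
            // value, so it cannot be recovered from log files.
            logger.debug("Attempting to validate CAS service ticket");
            if (this.ticketValidator == null) {
                this.ticketValidator = new Cas10TicketValidator(this.casSeverLoginUrl);
            }
            Assertion assertion = this.ticketValidator.validate(ticket, this.constructServiceUrl(request, response));
            // The null check now precedes the first dereference; the original logged
            // assertion.getPrincipal().getName() before testing assertion for null.
            if (assertion != null && assertion.getPrincipal() != null) {
                String userName = assertion.getPrincipal().getName();
                logger.debug(String.format("Successfully authenticated user: %s", userName));
                result.setUser(userName);
                result.setSucess(true);
            }
        } catch (Exception e) {
            // Rejected/expired tickets, service mismatches and transport errors all end here;
            // the user simply stays unauthenticated.
            logger.error("CAS ticket validation failed", e);
        }
        return result;
    }

    /**
     * Derives the server name and service URL from the first request seen and caches them.
     *
     * <p>Later requests reuse the cached values, so the service URL sent to CAS is fixed by
     * whichever request arrives first. {@code RevProxyUtil.getURLContextPath} is assumed to
     * return the externally visible base URL including a trailing slash (the service is built by
     * plain concatenation with {@code "index.html"}); if that value is derived from forwarded
     * headers, confirm the reverse proxy overrides client-supplied ones (TODO confirm).
     *
     * @param request the request used to derive the values when they are not yet set
     */
    public void initialServiceData(HttpServletRequest request) {
        if (this.serverName == null) {
            this.serverName = RevProxyUtil.getURLContextPath(request);
        }
        if (this.service == null) {
            this.service = this.serverName + "index.html";
        }
    }

    /**
     * Builds the service URL presented to CAS for this request.
     *
     * @param request  the current request
     * @param response the current response (used by the CAS client for URL encoding)
     * @return the service URL, derived from {@code service}/{@code serverName} and the request
     */
    protected final String constructServiceUrl(HttpServletRequest request, HttpServletResponse response) {
        return CommonUtils.constructServiceUrl(request, response, this.service, this.serverName,
                this.protocol.getServiceParameterName(), this.protocol.getArtifactParameterName(),
                this.encodeServiceUrl);
    }

    /**
     * Sets the server name, dropping one trailing slash if present.
     *
     * <p>Note that {@link #initialServiceData} concatenates {@code serverName} with
     * {@code "index.html"} without inserting a slash, so a value set here should be combined with
     * an explicit {@link #setService} (TODO confirm intended usage).
     *
     * @param serverName the external base of this application; may be {@code null}
     */
    public final void setServerName(String serverName) {
        boolean hasTrailingSlash = serverName != null && serverName.endsWith("/");
        if (hasTrailingSlash) {
            this.serverName = serverName.substring(0, serverName.length() - 1);
            logger.info(String.format("Eliminated extra slash from serverName [%s]. It is now [%s]",
                    serverName, this.serverName));
        } else {
            this.serverName = serverName;
        }
    }

    /**
     * Sets the service URL registered with CAS.
     *
     * @param service the service URL
     */
    public final void setService(String service) {
        this.service = service;
    }

    /**
     * Controls whether the service URL is URL-encoded when sent to CAS (default {@code true}).
     *
     * @param encodeServiceUrl {@code true} to encode
     */
    public final void setEncodeServiceUrl(boolean encodeServiceUrl) {
        this.encodeServiceUrl = encodeServiceUrl;
    }

    /** @return the CAS protocol in use, always {@link Protocol#CAS1} */
    protected Protocol getProtocol() {
        return this.protocol;
    }

    /**
     * Extracts the service ticket from the request's artifact parameter ({@code ticket} for CAS 1.0).
     *
     * @param request the current request
     * @return the ticket value, or {@code null} when the parameter is absent
     */
    protected String retrieveTicketFromRequest(HttpServletRequest request) {
        String artifactParameter = this.protocol.getArtifactParameterName();
        return CommonUtils.safeGetParameter(request, artifactParameter, Arrays.asList(artifactParameter));
    }
}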