package org.shoulder.crypto.negotiation.support.server;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.shoulder.core.dto.response.BaseResult;
import org.shoulder.core.util.JsonUtils;
import org.shoulder.crypto.negotiation.cache.NegotiationResultCache;
import org.shoulder.crypto.negotiation.cache.TransportCipherHolder;
import org.shoulder.crypto.negotiation.cipher.DefaultTransportCipher;
import org.shoulder.crypto.negotiation.constant.NegotiationConstants;
import org.shoulder.crypto.negotiation.dto.NegotiationResult;
import org.shoulder.crypto.negotiation.exception.NegotiationErrorCodeEnum;
import org.shoulder.crypto.negotiation.support.Sensitive;
import org.shoulder.crypto.negotiation.util.TransportCryptoUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:org/shoulder/crypto/negotiation/support/server/SensitiveRequestDecryptHandlerInterceptor.class */
public class SensitiveRequestDecryptHandlerInterceptor extends HandlerInterceptorAdapter {
    private static final Logger log = LoggerFactory.getLogger(SensitiveRequestDecryptHandlerInterceptor.class);
    private NegotiationResultCache negotiationResultCache;
    private TransportCryptoUtil transportCryptoUtil;

    public SensitiveRequestDecryptHandlerInterceptor(NegotiationResultCache negotiationResultCache, TransportCryptoUtil transportCryptoUtil) {
        this.negotiationResultCache = negotiationResultCache;
        this.transportCryptoUtil = transportCryptoUtil;
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!(obj instanceof HandlerMethod) || ((Sensitive) ((HandlerMethod) obj).getMethod().getAnnotation(Sensitive.class)) == null) {
            return true;
        }
        String header = httpServletRequest.getHeader(NegotiationConstants.SECURITY_SESSION_ID);
        String header2 = httpServletRequest.getHeader(NegotiationConstants.SECURITY_DATA_KEY);
        String header3 = httpServletRequest.getHeader(NegotiationConstants.TOKEN);
        if (log.isDebugEnabled()) {
            log.debug("xSessionId: {}, xDk: {}, token: {}.", new Object[]{header, header2, header3});
        }
        if (StringUtils.isEmpty(header) || StringUtils.isEmpty(header2) || StringUtils.isEmpty(header3)) {
            log.debug("reject for invalid security headers.");
            httpServletResponse.setStatus(HttpStatus.BAD_REQUEST.value());
            httpServletResponse.setContentType("application/json;charset=UTF-8");
            httpServletResponse.getWriter().write(JsonUtils.toJson(BaseResult.error(NegotiationErrorCodeEnum.MISSING_REQUIRED_PARAM)));
            return false;
        }
        NegotiationResult asServer = this.negotiationResultCache.getAsServer(header);
        if (asServer == null) {
            log.debug("cache missing, xSessionId:{}", header);
            httpServletResponse.setHeader(NegotiationConstants.NEGOTIATION_INVALID_TAG, NegotiationErrorCodeEnum.NEGOTIATION_INVALID.getCode());
            httpServletResponse.setContentType("application/json;charset=UTF-8");
            httpServletResponse.getWriter().write(JsonUtils.toJson(BaseResult.error(NegotiationErrorCodeEnum.NEGOTIATION_INVALID)));
            return false;
        }
        NegotiationResultCache.SERVER_LOCAL_CACHE.set(asServer);
        if (this.transportCryptoUtil.verifyToken(header, header2, header3, asServer.getPublicKey())) {
            TransportCipherHolder.setRequestCipher(DefaultTransportCipher.buildDecryptCipher(asServer, TransportCryptoUtil.decryptDk(asServer, header2)));
            return true;
        }
        log.debug("Token({}) invalid! xSessionId={}", header3, header);
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.getWriter().write(JsonUtils.toJson(BaseResult.error(NegotiationErrorCodeEnum.TOKEN_INVALID)));
        return false;
    }
}
