package org.shoulder.crypto.negotiation.support.server;

import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.shoulder.core.dto.response.BaseResult;
import org.shoulder.core.log.Logger;
import org.shoulder.core.log.LoggerFactory;
import org.shoulder.crypto.asymmetric.exception.AsymmetricCryptoException;
import org.shoulder.crypto.negotiation.cache.NegotiationResultCache;
import org.shoulder.crypto.negotiation.cipher.DefaultTransportCipher;
import org.shoulder.crypto.negotiation.constant.NegotiationConstants;
import org.shoulder.crypto.negotiation.dto.NegotiationResult;
import org.shoulder.crypto.negotiation.dto.SensitiveFieldWrapper;
import org.shoulder.crypto.negotiation.exception.NegotiationErrorCodeEnum;
import org.shoulder.crypto.negotiation.support.Sensitive;
import org.shoulder.crypto.negotiation.util.SensitiveFieldCache;
import org.shoulder.crypto.negotiation.util.TransportCryptoUtil;
import org.shoulder.crypto.symmetric.exception.SymmetricCryptoException;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;

/**
 * Response-body advice that encrypts the sensitive fields of a handler's return value
 * before the JSON converter serializes it.
 *
 * <p>Encryption only takes place when all of the following hold: the handler method carries
 * {@link Sensitive}, the response class has registered sensitive response fields, the request
 * carries the {@code NegotiationConstants.SECURITY_SESSION_ID} header, and a
 * {@link NegotiationResult} is available from {@code NegotiationResultCache.SERVER_LOCAL_CACHE}.
 * In every other case the body is passed through unchanged.
 */
@RestControllerAdvice
/* loaded from: input_file:org/shoulder/crypto/negotiation/support/server/SensitiveResponseEncryptAdvice.class */
public class SensitiveResponseEncryptAdvice implements ResponseBodyAdvice<Object> {
    private final Logger log = LoggerFactory.getLogger(getClass());
    // Used for generateToken(); the data-key helpers are invoked statically on the class.
    private final TransportCryptoUtil transportCryptoUtil;

    /**
     * @param transportCryptoUtil helper used to generate the response token
     */
    public SensitiveResponseEncryptAdvice(TransportCryptoUtil transportCryptoUtil) {
        this.transportCryptoUtil = transportCryptoUtil;
    }

    /**
     * Decides whether this advice applies to the response being written.
     *
     * @param methodParameter the handler method's return type descriptor
     * @param cls the message converter selected for the response
     * @return {@code true} only for a Jackson JSON converter, a return type that is not a
     *     {@link ResponseEntity}, and a handler method annotated with {@link Sensitive}
     */
    public boolean supports(@Nonnull MethodParameter methodParameter, @Nonnull Class<? extends HttpMessageConverter<?>> cls) {
        if (!MappingJackson2HttpMessageConverter.class.isAssignableFrom(cls)) {
            return false;
        }
        if (ResponseEntity.class.isAssignableFrom(methodParameter.getParameterType())) {
            return false;
        }
        return methodParameter.getMethodAnnotation(Sensitive.class) != null;
    }

    /**
     * Encrypts the sensitive fields of the response payload and attaches the headers the
     * client needs to verify and decrypt it.
     *
     * @param obj the handler's return value; a {@link BaseResult} is unwrapped to its data
     * @param methodParameter unused here
     * @param mediaType unused here
     * @param cls unused here
     * @param serverHttpRequest source of the security session id header
     * @param serverHttpResponse receives the token, session id and encrypted data key headers
     * @return {@code obj} itself (encrypted or untouched), {@code null} for a null body, or an
     *     error {@link BaseResult} when no negotiation result is cached
     * @throws RuntimeException when encrypting the data key or generating the token fails
     */
    public Object beforeBodyWrite(@Nullable Object obj, @Nonnull MethodParameter methodParameter, @Nonnull MediaType mediaType, @Nonnull Class<? extends HttpMessageConverter<?>> cls, @Nonnull ServerHttpRequest serverHttpRequest, @Nonnull ServerHttpResponse serverHttpResponse) {
        if (obj == null) {
            this.log.debug("body is null");
            return null;
        }
        // A BaseResult is only an envelope; the fields to protect live in its data object.
        Object payload = obj instanceof BaseResult ? ((BaseResult) obj).getData() : obj;
        if (payload == null) {
            return obj;
        }
        List<SensitiveFieldWrapper> sensitiveFields = SensitiveFieldCache.findSensitiveResponseFieldInfo(payload.getClass());
        if (CollectionUtils.isEmpty(sensitiveFields)) {
            return obj;
        }
        String sessionId = serverHttpRequest.getHeaders().getFirst(NegotiationConstants.SECURITY_SESSION_ID);
        if (sessionId == null) {
            // No session header: the body leaves with its sensitive fields unencrypted.
            // NOTE(review): confirm this pass-through is intended for clients that did not
            // negotiate; confidentiality of those fields then rests on the transport alone.
            return obj;
        }
        // NOTE(review): none of the early returns above touch SERVER_LOCAL_CACHE. It looks like
        // a per-thread holder (get()/remove()); confirm another component clears it so a pooled
        // thread cannot carry a negotiation result into a later request.
        NegotiationResult negotiation = NegotiationResultCache.SERVER_LOCAL_CACHE.get();
        try {
            if (negotiation == null) {
                return rejectInvalidNegotiation(serverHttpResponse);
            }
            return encryptPayload(obj, payload, sensitiveFields, sessionId, negotiation, serverHttpResponse);
        } catch (Throwable failure) {
            // Drop the cached negotiation result on any failure before propagating it.
            NegotiationResultCache.SERVER_LOCAL_CACHE.remove();
            throw failure;
        }
    }

    /**
     * Marks the response as "negotiation invalid": tag header, HTTP 200, JSON content type,
     * and an error body in place of the handler's result.
     */
    private Object rejectInvalidNegotiation(ServerHttpResponse response) {
        response.getHeaders().set(NegotiationConstants.NEGOTIATION_INVALID_TAG, NegotiationErrorCodeEnum.NEGOTIATION_INVALID.getCode());
        response.setStatusCode(HttpStatus.OK);
        response.getHeaders().setContentType(MediaType.APPLICATION_JSON_UTF8);
        return BaseResult.error(NegotiationErrorCodeEnum.NEGOTIATION_INVALID);
    }

    /**
     * Generates a fresh data key for this response, encrypts the sensitive fields with it and
     * publishes the encrypted data key, session id and token as response headers.
     */
    private Object encryptPayload(Object body, Object payload, List<SensitiveFieldWrapper> sensitiveFields, String sessionId, NegotiationResult negotiation, ServerHttpResponse response) {
        try {
            byte[] dataKey = TransportCryptoUtil.generateDataKey(negotiation.getKeyLength());
            DefaultTransportCipher.EncryptCipher cipher = DefaultTransportCipher.buildEncryptCipher(negotiation, dataKey);
            String encryptedDataKey = TransportCryptoUtil.encryptDk(negotiation, dataKey);
            // Only the encrypted data key is logged; the same value is sent in a header below.
            this.log.debug("security response. xDk is " + encryptedDataKey);
            // The original body is returned afterwards, so this presumably rewrites the
            // payload's fields in place.
            SensitiveFieldCache.handleSensitiveData(payload, sensitiveFields, cipher);
            HttpHeaders responseHeaders = response.getHeaders();
            // NOTE(review): the token is built from the session id taken from the request
            // header, while the session id header below comes from the cached negotiation
            // result; the two are not compared here — confirm they are checked upstream.
            responseHeaders.add(NegotiationConstants.TOKEN, this.transportCryptoUtil.generateToken(sessionId, encryptedDataKey));
            responseHeaders.add(NegotiationConstants.SECURITY_SESSION_ID, negotiation.getxSessionId());
            responseHeaders.add(NegotiationConstants.SECURITY_DATA_KEY, encryptedDataKey);
            NegotiationResultCache.SERVER_LOCAL_CACHE.remove();
            return body;
        } catch (SymmetricCryptoException symmetricFailure) {
            this.log.warn("encrypt dk fail!", symmetricFailure);
            throw new RuntimeException("encrypt dk fail!", symmetricFailure);
        } catch (AsymmetricCryptoException asymmetricFailure) {
            this.log.warn("token generate fail!", asymmetricFailure);
            throw new RuntimeException("token generate fail!", asymmetricFailure);
        }
    }
}
