package cn.idea360.signature.filter;

import cn.idea360.signature.algorithm.SignatureAlgorithm;
import cn.idea360.signature.configration.SignatureConfigration;
import cn.idea360.signature.constant.HttpConstant;
import cn.idea360.signature.constant.SignatureConstant;
import cn.idea360.signature.properties.Secret;
import cn.idea360.signature.properties.SignatureProperties;
import cn.idea360.signature.properties.SignatureType;
import cn.idea360.signature.storage.SecretStorage;
import cn.idea360.signature.wrapper.ContentCachingRequestWrapper;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.temporal.ChronoUnit;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StreamUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:cn/idea360/signature/filter/SignatureFilter.class */
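/**
 * Servlet filter that authenticates requests by verifying a caller-supplied signature.
 *
 * <p>The caller sends five headers (app key, nonce, timestamp, signature method, signature).
 * The filter looks up the secret registered for the app key, recomputes the signature over
 * query string + body + nonce + timestamp + secret, and lets the request through only when
 * the recomputed value matches the supplied one.
 *
 * <p>NOTE(review): the nonce is only mixed into the signed string. Nothing in this class
 * records nonces that were already used, so a captured request can be replayed for as long as
 * its timestamp stays inside the accepted window unless replay tracking is done elsewhere.
 *
 * <p>NOTE(review): the rejection messages distinguish "unknown app key" from "bad signature",
 * which lets a caller probe which app keys are registered. They are kept as-is because clients
 * may depend on them; consider collapsing them to one generic message.
 */
public class SignatureFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(SignatureFilter.class);
    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
    private final ObjectMapper objectMapper = new ObjectMapper();
    private final Map<String, SignatureAlgorithm> signatureAlgorithmMap;
    private final SignatureProperties signatureProperties;
    private final SecretStorage secretStorage;

    /**
     * Builds the filter from the shared configuration and registers every configured secret
     * with the secret storage.
     *
     * @param signatureConfigration source of the algorithm map, properties and secret storage
     * @throws NullPointerException if the configuration supplies no secret storage
     */
    public SignatureFilter(SignatureConfigration signatureConfigration) {
        this.signatureAlgorithmMap = signatureConfigration.getSignatureAlgorithmMap();
        this.signatureProperties = signatureConfigration.getSignatureProperties();
        this.secretStorage = Objects.requireNonNull(signatureConfigration.getSecretStorage(), "secretStorage");
        List<Secret> secrets = this.signatureProperties.getSecrets();
        // No secrets configured is a valid setup (they may be added to the storage later).
        if (secrets != null) {
            secrets.forEach(this.secretStorage::addSecret);
        }
    }

    /**
     * Decides whether the request path requires a signature and either verifies it or passes
     * the request straight down the chain.
     *
     * <p>With {@code SignatureType.SINGLE} only paths matching the included URIs are verified;
     * with {@code SignatureType.ALL} every path is verified except those matching the excluded
     * URIs; any other type verifies every path.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ContentCachingRequestWrapper request = new ContentCachingRequestWrapper((HttpServletRequest) servletRequest);
        String servletPath = request.getServletPath();
        SignatureType type = this.signatureProperties.getSignatureType();

        boolean singleButNotIncluded = type.equals(SignatureType.SINGLE)
                && !contains(this.signatureProperties.getIncludedUris(), servletPath);
        boolean allButExcluded = type.equals(SignatureType.ALL)
                && contains(this.signatureProperties.getExcludedUris(), servletPath);

        if (singleButNotIncluded || allButExcluded) {
            // Path is exempt from signing: forward unauthenticated.
            filterChain.doFilter(request, servletResponse);
            return;
        }
        doSignature(request, servletResponse, filterChain);
    }

    /**
     * Verifies the request signature and forwards the request only when verification succeeds;
     * otherwise answers with a 401 JSON body.
     *
     * <p>Verification and forwarding are deliberately separated: only failures raised while
     * verifying are turned into a 401. Exceptions thrown by the downstream chain propagate to
     * the container instead of being reported as a signature problem.
     */
    private void doSignature(ContentCachingRequestWrapper contentCachingRequestWrapper, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String rejection;
        try {
            rejection = verifySignature(contentCachingRequestWrapper);
        } catch (Exception e) {
            // Missing header, non-numeric timestamp, unreadable body, etc. Fail closed.
            log.debug("signature verification could not be completed", e);
            rejection = "签名参数不完整"; // "signature parameters incomplete"
        }
        if (rejection != null) {
            sendUnauthorizedMessage(httpServletResponse, rejection);
            return;
        }
        filterChain.doFilter(contentCachingRequestWrapper, httpServletResponse);
    }

    /**
     * Runs every signature check against the request.
     *
     * @return {@code null} when the signature is valid, otherwise the message to send with the 401
     * @throws IllegalArgumentException if a required header is blank
     * @throws NumberFormatException if the timestamp header is not a number
     * @throws IOException if the body cannot be read
     */
    private String verifySignature(ContentCachingRequestWrapper request) throws IOException {
        String appKey = obtainHeader(request, SignatureConstant.CA_KEY);
        String nonce = obtainHeader(request, SignatureConstant.CA_NONCE);
        String timestamp = obtainHeader(request, SignatureConstant.CA_TIMESTAMP);
        String method = obtainHeader(request, SignatureConstant.CA_SIGNATURE_METHOD);
        String providedSignature = obtainHeader(request, SignatureConstant.CA_SIGNATURE);

        Assert.hasText(appKey, "appid must not be null");
        Assert.hasText(method, "algorithm must not be null");
        Assert.hasText(timestamp, "timestamp must not be null");
        Assert.hasText(nonce, "nonce must not be null");
        Assert.hasText(providedSignature, "signature must not be null");

        Secret secret = obtainSecret(appKey);
        if (Objects.isNull(secret) || !StringUtils.hasText(secret.getAppSecret())) {
            return "签名密钥不存在"; // "signing secret does not exist"
        }

        // Compare instants, not zone-adjusted local times: the request timestamp is epoch
        // milliseconds, so the server's time zone must not widen or shrink the window.
        // abs() applies the window in both directions, so a timestamp far in the future is
        // rejected instead of yielding a negative age that never expires.
        long ageSeconds = Duration.between(Instant.ofEpochMilli(Long.parseLong(timestamp)), Instant.now()).abs().getSeconds();
        if (ageSeconds > this.signatureProperties.getExpireInSeconds()) {
            return "签名已失效"; // "signature expired"
        }

        // The method must be the one registered for this secret AND have an implementation.
        SignatureAlgorithm algorithm = this.signatureAlgorithmMap.get(method);
        if (!method.equals(secret.getSignatureMethod()) || algorithm == null) {
            return "签名类型不支持"; // "signature type not supported"
        }

        String stringToSign = buildStringToSign(
                this.signatureProperties.isConvertNullParamToEmpty(),
                request.getQueryString(),
                obtainBody(request),
                nonce,
                timestamp,
                secret.getAppSecret());
        String expectedSignature = algorithm.signature(stringToSign, secret.getAppSecret());

        // Constant-time comparison: String.equals returns at the first differing character,
        // which leaks how much of a guessed signature was correct.
        boolean matches = expectedSignature != null
                && MessageDigest.isEqual(
                        expectedSignature.getBytes(StandardCharsets.UTF_8),
                        providedSignature.getBytes(StandardCharsets.UTF_8));
        return matches ? null : "验签失败"; // "signature verification failed"
    }

    /**
     * Concatenates the signed fields in the fixed order query, body, nonce, timestamp, secret.
     *
     * <p>When {@code z} is true a null query or body contributes an empty string; otherwise a
     * null value is appended as the literal text {@code null}.
     *
     * <p>NOTE(review): the fields are joined without delimiters, so different
     * (query, body, nonce) combinations can produce the same string to sign. The layout is
     * part of the contract with signing clients and is therefore left unchanged here.
     */
    private String buildStringToSign(boolean z, String str, String str2, String str3, String str4, String str5) {
        String query = (z && Objects.isNull(str)) ? "" : str;
        String body = (z && Objects.isNull(str2)) ? "" : str2;
        return new StringBuilder()
                .append(query)
                .append(body)
                .append(str3)
                .append(str4)
                .append(str5)
                .toString();
    }

    /** Returns the trimmed header value, or an empty string when the header is absent. */
    private String obtainHeader(HttpServletRequest httpServletRequest, String str) {
        String header = httpServletRequest.getHeader(str);
        return header == null ? "" : header.trim();
    }

    /** Reads the whole request body and decodes it as UTF-8. */
    private String obtainBody(HttpServletRequest httpServletRequest) throws IOException {
        return new String(StreamUtils.copyToByteArray(httpServletRequest.getInputStream()), StandardCharsets.UTF_8);
    }

    /** Reads the request body line by line and strips all whitespace. Not called within this class. */
    private String obtainBodyIgnoreBlank(HttpServletRequest httpServletRequest) throws IOException {
        return ((String) httpServletRequest.getReader().lines().collect(Collectors.joining(System.lineSeparator()))).replaceAll("\\s*|\\t|\\r|\\n", "");
    }

    /** Looks up the secret registered for the given app key. */
    private Secret obtainSecret(String str) {
        return this.secretStorage.getSecret(str);
    }

    /**
     * Tells whether {@code str} matches any Ant-style pattern in {@code list}.
     *
     * @return {@code false} for a null or empty list
     */
    private boolean contains(List<String> list, String str) {
        if (CollectionUtils.isEmpty(list)) {
            return false;
        }
        for (String pattern : list) {
            if (this.antPathMatcher.match(pattern.trim(), str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes a 401 response whose JSON body is {@code {"code":401,"msg":<str>}}.
     * A failure to write is logged and otherwise ignored; the 401 status is already set.
     */
    private void sendUnauthorizedMessage(HttpServletResponse httpServletResponse, String str) {
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setStatus(401);
        try {
            PrintWriter writer = httpServletResponse.getWriter();
            Map<String, Object> payload = new HashMap<>();
            payload.put("code", 401);
            payload.put("msg", str);
            writer.write(this.objectMapper.writeValueAsString(payload));
            writer.flush();
            writer.close();
        } catch (Exception e) {
            log.error("can't push signature err message", e);
        }
    }

    /**
     * Builds a string to sign from the request alone: the query string for GET or form
     * requests, followed by the body for JSON requests. Not called within this class.
     */
    private String buildStringToSign(HttpServletRequest httpServletRequest) throws IOException {
        StringBuilder sb = new StringBuilder();
        String contentType = httpServletRequest.getHeader("Content-type");
        if ("GET".equals(httpServletRequest.getMethod()) || HttpConstant.CONTENT_TYPE_FORM.equals(contentType)) {
            sb.append(httpServletRequest.getQueryString());
        }
        if (HttpConstant.CONTENT_TYPE_JSON.equals(contentType)) {
            sb.append(obtainBody(httpServletRequest));
        }
        return sb.toString();
    }
}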
