package com.cssw.bootx.security.api.signature.core;

import com.cssw.bootx.core.util.StringUtil;
import com.cssw.bootx.security.api.signature.autoconfigure.ApiSignatureProperties;
import com.cssw.bootx.security.api.signature.exception.ExistsNonceException;
import com.cssw.bootx.security.api.signature.exception.InvalidSignatureException;
import com.cssw.bootx.security.api.signature.exception.InvalidTimestampException;
import com.cssw.bootx.security.api.signature.exception.MissingArgumentException;
import com.cssw.bootx.security.api.signature.exception.UnknownClientException;
import com.cssw.bootx.security.api.signature.util.SignatrueUtil;
import com.cssw.bootx.security.api.signature.util.TimeUtil;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Iterator;
import java.util.Locale;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.StreamUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.HandlerExceptionResolver;

/* loaded from: input_file:com/cssw/bootx/security/api/signature/core/ApiSignatureFilter.class */
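/**
 * Servlet filter that authenticates API requests by a per-client request signature.
 *
 * <p>For every request whose path is not matched by an exclude pattern, the filter reads four
 * headers (app key, timestamp, nonce, signature; header names come from
 * {@link ApiSignatureProperties}), checks the timestamp against the allowed clock skew, rejects
 * a nonce already recorded for the app key, looks up the client, recomputes the signature over
 * {@code method, url, timestamp, nonce, body} with the client's app secret and compares it with
 * the presented one. Failures are handed to the {@link HandlerExceptionResolver} and the chain
 * is not continued.
 *
 * <p>Operational caveats visible in this class:
 * <ul>
 *   <li>A {@code timeErrorSec} of {@code -1} disables the timestamp check; replay protection
 *       then rests only on the nonce cache and its {@code nonceExpireSec} TTL. With the check
 *       enabled, the nonce TTL should cover the whole accepted timestamp window.</li>
 *   <li>Paths matched by {@code excludeUrls} bypass verification entirely; keep those patterns
 *       as narrow as possible.</li>
 *   <li>The nonce is checked with {@code exists} and stored later with {@code set}; the two
 *       calls are not atomic here. NOTE(review): confirm whether {@link NonceCacheService}
 *       offers (or should offer) an atomic set-if-absent so concurrent duplicates cannot both
 *       pass.</li>
 * </ul>
 */
public class ApiSignatureFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(ApiSignatureFilter.class);
    private final ApiSignatureProperties properties;
    private final ClientDetailsProvider clientDetailsProvider;
    private final NonceCacheService nonceCacheService;
    private final HandlerExceptionResolver resolver;
    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /**
     * Creates the filter with its collaborators.
     *
     * @param apiSignatureProperties header names, clock-skew limit, nonce TTL, algorithm and exclude patterns
     * @param clientDetailsProvider resolves an app key to the client (and its app secret)
     * @param nonceCacheService stores nonces already accepted per app key
     * @param handlerExceptionResolver renders the rejection for every failed check
     */
    public ApiSignatureFilter(ApiSignatureProperties apiSignatureProperties, ClientDetailsProvider clientDetailsProvider, NonceCacheService nonceCacheService, HandlerExceptionResolver handlerExceptionResolver) {
        this.properties = apiSignatureProperties;
        this.clientDetailsProvider = clientDetailsProvider;
        this.nonceCacheService = nonceCacheService;
        this.resolver = handlerExceptionResolver;
    }

    /**
     * Verifies the request signature and continues the chain only when it is valid.
     *
     * @throws ServletException propagated from the downstream chain
     * @throws IOException if the request body cannot be read, or propagated from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (isSkipUrl(httpServletRequest)) {
            // Excluded paths are passed through without any signature verification.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // presumably RequestWrapper buffers the body so it can be read here and again downstream — confirm
        RequestWrapper requestWrapper = new RequestWrapper(httpServletRequest);
        String appKey = requestWrapper.getHeader(this.properties.getAppKey());
        String timestamp = requestWrapper.getHeader(this.properties.getTimestamp());
        String nonce = requestWrapper.getHeader(this.properties.getNonce());
        String signature = requestWrapper.getHeader(this.properties.getSignature());
        if (StringUtil.isAnyBlank(new String[]{appKey, timestamp, nonce, signature})) {
            reject(httpServletRequest, httpServletResponse, new MissingArgumentException());
            return;
        }
        int maxSkewSec = this.properties.getTimeErrorSec().intValue();
        if (maxSkewSec != -1) {
            boolean staleOrMalformed;
            try {
                staleOrMalformed = Math.abs(TimeUtil.elapse(Long.valueOf(timestamp))) > maxSkewSec;
            } catch (NumberFormatException e) {
                // A non-numeric timestamp header is client input, not a server fault: reject it
                // as an invalid timestamp instead of letting the exception escape the filter.
                staleOrMalformed = true;
            }
            if (staleOrMalformed) {
                reject(httpServletRequest, httpServletResponse, new InvalidTimestampException());
                return;
            }
        }
        if (this.nonceCacheService.exists(appKey, nonce)) {
            reject(httpServletRequest, httpServletResponse, new ExistsNonceException());
            return;
        }
        ClientDetails client = this.clientDetailsProvider.load(appKey);
        if (client == null) {
            reject(httpServletRequest, httpServletResponse, new UnknownClientException());
            return;
        }
        String requestMethod = getRequestMethod(requestWrapper);
        String url = getUrl(requestWrapper);
        String requestBody = getRequestBody(requestWrapper);
        // The body, the signing plaintext and the server-computed signature are deliberately
        // not logged: the body may carry sensitive data, and a logged expected signature would
        // hand a valid value for this request to anyone who can read the logs.
        log.debug("method: {}, url: {}", requestMethod, url);
        String plaintext = genPlaintext(requestMethod, url, timestamp, nonce, requestBody);
        String expected = SignatrueUtil.encrypt(this.properties.getCrypto(), plaintext, client.getAppSecret());
        if (!signatureMatches(signature, expected)) {
            log.warn("signature mismatch for appKey: {}", appKey);
            reject(httpServletRequest, httpServletResponse, new InvalidSignatureException());
            return;
        }
        // The nonce is recorded only after the signature verified, so unauthenticated requests
        // cannot fill the nonce cache.
        this.nonceCacheService.set(appKey, nonce, nonce, this.properties.getNonceExpireSec().intValue());
        ApiSignatureContext.setAppKey(appKey);
        try {
            filterChain.doFilter(requestWrapper, httpServletResponse);
        } finally {
            // Always clear the per-request app key so it cannot leak into a later request
            // handled by the same thread.
            ApiSignatureContext.clearAppKey();
        }
    }

    /** Hands a verification failure to the exception resolver; the caller must not continue the chain. */
    private void reject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Exception failure) {
        this.resolver.resolveException(httpServletRequest, httpServletResponse, null, failure);
    }

    /**
     * Compares the presented signature with the expected one without short-circuiting on the
     * first differing character. The comparison stays case-insensitive, as before.
     * NOTE(review): case-insensitivity is only harmless for hex-style encodings — confirm the
     * output format of {@code SignatrueUtil.encrypt}.
     *
     * @return {@code true} only when both values are non-null and equal ignoring case
     */
    private static boolean signatureMatches(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        byte[] presentedBytes = presented.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] expectedBytes = expected.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(presentedBytes, expectedBytes);
    }

    /** Returns {@code true} when the request must be signature-checked, i.e. no exclude pattern matches. */
    private boolean isNotSkipUrl(HttpServletRequest httpServletRequest) {
        return !isSkipUrl(httpServletRequest);
    }

    /** Returns {@code true} when any configured exclude pattern matches the request path. */
    private boolean isSkipUrl(HttpServletRequest httpServletRequest) {
        for (String pattern : this.properties.getExcludeUrls()) {
            if (checkUrl(httpServletRequest, pattern)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Matches one Ant-style pattern against the servlet path plus path info.
     * NOTE(review): exclusion is decided on servletPath + pathInfo while the signature covers
     * getRequestURI(); confirm both views of the path agree for every deployed mapping.
     */
    private boolean checkUrl(HttpServletRequest httpServletRequest, String str) {
        String servletPath = httpServletRequest.getServletPath();
        String pathInfo = httpServletRequest.getPathInfo();
        if (StringUtil.isNotBlank(pathInfo)) {
            servletPath = servletPath + pathInfo;
        }
        return this.antPathMatcher.match(str, servletPath);
    }

    /**
     * Builds the URL component of the signing plaintext: the request URI, followed by
     * {@code ?} and the URL-decoded query string when one is present.
     */
    private String getUrl(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            // Decode with an explicit charset; the single-argument overload is deprecated and
            // uses the platform default, which would make verification depend on the host.
            requestURI = requestURI + "?" + URLDecoder.decode(queryString, StandardCharsets.UTF_8);
        }
        return requestURI;
    }

    /**
     * Reads the whole request body as UTF-8 text.
     * NOTE(review): the body is read fully into memory before the signature is verified;
     * confirm a request-size limit is enforced upstream.
     */
    private String getRequestBody(HttpServletRequest httpServletRequest) throws IOException {
        return StreamUtils.copyToString(httpServletRequest.getInputStream(), StandardCharsets.UTF_8);
    }

    /** Returns the HTTP method of the request. */
    private String getRequestMethod(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getMethod();
    }

    /**
     * Joins method, url, timestamp, nonce and body into the signing plaintext, each followed
     * by a newline. Fields are not escaped.
     * NOTE(review): the URL arrives here after query-string decoding and may itself contain a
     * newline, so field boundaries are not unambiguous — confirm the canonical form against
     * the client-side signer.
     */
    private String genPlaintext(String str, String str2, String str3, String str4, String str5) {
        return str + "\n" + str2 + "\n" + str3 + "\n" + str4 + "\n" + str5 + "\n";
    }
}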
