package com.elitescloud.boot.web.common.support;

import cn.hutool.core.lang.Assert;
import com.elitescloud.boot.common.constant.EncryptAlgorithm;
import com.elitescloud.boot.common.constant.EncryptFormatType;
import com.elitescloud.boot.common.constant.SignatureAlgorithm;
import com.elitescloud.boot.util.RsaUtil;
import com.elitescloud.boot.web.common.param.Signature;
import com.elitescloud.boot.web.common.param.SignatureConfigParam;
import com.elitescloud.boot.web.common.param.SignatureContent;
import com.elitescloud.boot.web.common.param.SignatureModel;
import com.elitescloud.boot.web.common.signature.ApiSignatureContentProvider;
import com.elitescloud.boot.web.common.signature.ApiSignatureParamProvider;
import com.elitescloud.boot.web.common.signature.ApiSignatureProvider;
import com.elitescloud.boot.web.common.signature.ApiVerifySignatureContentProvider;
import com.elitescloud.boot.web.config.WebProperties;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;

/* loaded from: input_file:com/elitescloud/boot/web/common/support/DefaultApiSignatureProvider.class */
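/**
 * Default {@link ApiSignatureProvider}: resolves a signature configuration for a request, obtains the
 * content to sign or verify from the injected content providers, and signs or verifies it with RSA.
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@link #verifySign(HttpMethod, String, String, String, SignatureConfigParam)} fails open: when no
 *       verification configuration resolves, it returns {@code true} without checking the signature.
 *       Endpoints that must be signed therefore depend on the {@link ApiSignatureParamProvider}
 *       returning a configuration for them.</li>
 *   <li>{@link #needSignature} and {@link #needVerifySignature} ignore the request and return only the
 *       global switch from {@link WebProperties}.</li>
 *   <li>Only {@link EncryptAlgorithm#RSA} is handled; any other value is rejected.</li>
 *   <li>The signing input and valid signature values are logged at DEBUG rather than INFO, so they do
 *       not reach default production logs; failed verifications are logged at WARN.</li>
 * </ul>
 */
public class DefaultApiSignatureProvider implements ApiSignatureProvider {
    private static final Logger logger = LoggerFactory.getLogger(DefaultApiSignatureProvider.class);
    private final WebProperties webProperties;
    private final ApiSignatureParamProvider paramProvider;
    private final ApiSignatureContentProvider signatureContentProvider;
    private final ApiVerifySignatureContentProvider verifySignatureContentProvider;

    /**
     * Stores the collaborators as given; no argument is validated here.
     *
     * @param webProperties source of the global API-signature switch
     * @param apiSignatureParamProvider resolves the signature configuration for a request
     * @param apiSignatureContentProvider builds the content to sign
     * @param apiVerifySignatureContentProvider builds the content to verify
     */
    public DefaultApiSignatureProvider(WebProperties webProperties, ApiSignatureParamProvider apiSignatureParamProvider, ApiSignatureContentProvider apiSignatureContentProvider, ApiVerifySignatureContentProvider apiVerifySignatureContentProvider) {
        this.webProperties = webProperties;
        this.paramProvider = apiSignatureParamProvider;
        this.signatureContentProvider = apiSignatureContentProvider;
        this.verifySignatureContentProvider = apiVerifySignatureContentProvider;
    }

    /**
     * Looks up the signature configuration through the parameter provider.
     *
     * @param httpMethod request method
     * @param str request identifier passed to the provider (presumably the URI or path; confirm against callers)
     * @param signatureModel whether the configuration is for signing or for verification
     * @return the provider's result; callers in this class treat {@code null} as "no configuration"
     * @throws IllegalStateException if the provider throws; the original exception is kept as the cause
     */
    @Override // com.elitescloud.boot.web.common.signature.ApiSignatureProvider
    public SignatureConfigParam getConfig(HttpMethod httpMethod, String str, SignatureModel signatureModel) {
        try {
            return this.paramProvider.get(httpMethod, str, signatureModel);
        } catch (Exception e) {
            throw new IllegalStateException("获取加密参数配置异常", e);
        }
    }

    /**
     * Reports whether signing is switched on. Both arguments are ignored; the answer is the global flag.
     */
    @Override // com.elitescloud.boot.web.common.signature.ApiSignatureProvider
    public boolean needSignature(HttpMethod httpMethod, String str) {
        return this.webProperties.getApiSign().isEnabled();
    }

    /**
     * Signs with a configuration resolved via {@link #getConfig}; see the four-argument overload.
     */
    @Override // com.elitescloud.boot.web.common.signature.ApiSignatureProvider
    public Signature sign(HttpMethod httpMethod, String str, String str2) {
        return sign(httpMethod, str, str2, null);
    }

    /**
     * Produces the signature for a request.
     *
     * @param httpMethod request method
     * @param str request identifier (presumably the URI or path; confirm against callers)
     * @param str2 value handed to the content provider (presumably the request payload; confirm against callers)
     * @param signatureConfigParam configuration to use, or {@code null} to resolve one with
     *     {@link SignatureModel#SIGN}
     * @return the signature with the content provider's additional parameters, or {@code null} when no
     *     configuration is available and signing is skipped
     * @throws IllegalStateException if resolving the configuration fails
     * @throws IllegalArgumentException if content production, key parsing or signing fails
     */
    @Override // com.elitescloud.boot.web.common.signature.ApiSignatureProvider
    public Signature sign(HttpMethod httpMethod, String str, String str2, SignatureConfigParam signatureConfigParam) {
        SignatureConfigParam config = signatureConfigParam;
        if (config == null) {
            config = getConfig(httpMethod, str, SignatureModel.SIGN);
        }
        if (config == null) {
            logger.info("未获取到签名配置，忽略签名：{}", describe(httpMethod, str));
            return null;
        }
        try {
            SignatureContent content = this.signatureContentProvider.produce(httpMethod, str, str2, config);
            Assert.notNull(content, "签名内容为空");
            // DEBUG, not INFO: the signing input may carry request data.
            logger.debug("签名内容：{}，额外参数：{}", content.getContent(), content.getAdditionalParams());
            PrivateKey privateKey = readPrivateKey(config.getEncryptAlgorithm(), config.getEncryptFormatType(), config.getPrivateKey());
            String signature = generateSignature(content.getContent(), config.getEncryptAlgorithm(), privateKey, config.getSignatureAlgorithm());
            // DEBUG, not INFO: a valid signature in shared logs can be reused if the receiver has no freshness check.
            logger.debug("生成签名：{}，{}", describe(httpMethod, str), signature);
            return new Signature(signature, content.getAdditionalParams());
        } catch (Exception e) {
            throw new IllegalArgumentException("生成签名失败，" + e.getMessage(), e);
        }
    }

    /**
     * Reports whether verification is switched on. Both arguments are ignored; the answer is the same
     * global flag that {@link #needSignature} returns.
     */
    @Override // com.elitescloud.boot.web.common.signature.ApiSignatureProvider
    public boolean needVerifySignature(HttpMethod httpMethod, String str) {
        return this.webProperties.getApiSign().isEnabled();
    }

    /**
     * Verifies with a configuration resolved via {@link #getConfig}; see the five-argument overload.
     */
    @Override // com.elitescloud.boot.web.common.signature.ApiSignatureProvider
    public boolean verifySign(HttpMethod httpMethod, String str, String str2, String str3) {
        return verifySign(httpMethod, str, str2, str3, null);
    }

    /**
     * Checks a supplied signature against the content rebuilt for the request.
     *
     * @param httpMethod request method
     * @param str request identifier (presumably the URI or path; confirm against callers)
     * @param str2 value handed to the content provider (presumably the request payload; confirm against callers)
     * @param str3 the signature to check
     * @param signatureConfigParam configuration to use, or {@code null} to resolve one with
     *     {@link SignatureModel#VERIFY_SIGN}
     * @return the verification result; {@code true} as well when no configuration is available, in
     *     which case nothing was verified
     * @throws IllegalStateException if resolving the configuration fails
     * @throws IllegalArgumentException if content production, key parsing or verification throws
     */
    @Override // com.elitescloud.boot.web.common.signature.ApiSignatureProvider
    public boolean verifySign(HttpMethod httpMethod, String str, String str2, String str3, SignatureConfigParam signatureConfigParam) {
        SignatureConfigParam config = signatureConfigParam;
        if (config == null) {
            config = getConfig(httpMethod, str, SignatureModel.VERIFY_SIGN);
        }
        if (config == null) {
            // NOTE(review): fail-open. A request with no resolvable verification config is accepted
            // unverified; callers that require a signature must not rely on this return value alone.
            logger.info("未获取到验签配置，忽略验签：{}", describe(httpMethod, str));
            return true;
        }
        try {
            String content = this.verifySignatureContentProvider.produce(httpMethod, str, str2, config);
            Assert.notNull(content, "待验证签名内容为空");
            // DEBUG, not INFO: the content to verify may carry request data.
            logger.debug("待验证签名内容：{}", content);
            PublicKey publicKey = readPublicKey(config.getEncryptAlgorithm(), config.getEncryptFormatType(), config.getPublicKey());
            boolean verified = verifySignature(content, str3, config.getEncryptAlgorithm(), publicKey, config.getSignatureAlgorithm().name());
            if (verified) {
                // A signature that verified is kept out of INFO-level logs.
                logger.debug("校验签名：{}，{}，{}", describe(httpMethod, str), str3, verified);
            } else {
                // Rejected signatures are worth surfacing to whoever monitors the logs.
                logger.warn("校验签名：{}，{}，{}", describe(httpMethod, str), str3, verified);
            }
            return verified;
        } catch (Exception e) {
            throw new IllegalArgumentException("验证签名失败，" + e.getMessage(), e);
        }
    }

    /** Builds the {@code METHOD:identifier} label used in log lines. */
    private static String describe(HttpMethod httpMethod, String str) {
        return httpMethod + ":" + str;
    }

    /**
     * Parses the configured private key. PKCS1 uses the dedicated converter; every other format type
     * goes through the default converter.
     *
     * @throws IllegalStateException if the algorithm is not RSA
     */
    private PrivateKey readPrivateKey(EncryptAlgorithm encryptAlgorithm, EncryptFormatType encryptFormatType, String keyText) throws Exception {
        if (EncryptAlgorithm.RSA != encryptAlgorithm) {
            throw new IllegalStateException("暂不支持的加密算法" + encryptAlgorithm);
        }
        if (EncryptFormatType.PKCS1 == encryptFormatType) {
            return RsaUtil.convert2PrivateKeyForPkcs1(keyText);
        }
        return RsaUtil.convert2PrivateKey(keyText);
    }

    /**
     * Parses the configured public key. PKCS1 uses the dedicated converter; every other format type
     * goes through the default converter.
     *
     * @throws IllegalStateException if the algorithm is not RSA
     */
    private PublicKey readPublicKey(EncryptAlgorithm encryptAlgorithm, EncryptFormatType encryptFormatType, String keyText) throws Exception {
        if (EncryptAlgorithm.RSA != encryptAlgorithm) {
            throw new IllegalStateException("暂不支持的加密算法" + encryptAlgorithm);
        }
        if (EncryptFormatType.PKCS1 == encryptFormatType) {
            return RsaUtil.convert2PublicKeyForPkcs1(keyText);
        }
        return RsaUtil.convert2PublicKey(keyText);
    }

    /**
     * Signs {@code content} with the private key, passing the signature algorithm's enum name to
     * {@link RsaUtil}.
     *
     * @throws IllegalStateException if the algorithm is not RSA
     */
    private String generateSignature(String content, EncryptAlgorithm encryptAlgorithm, PrivateKey privateKey, SignatureAlgorithm signatureAlgorithm) {
        if (EncryptAlgorithm.RSA != encryptAlgorithm) {
            throw new IllegalStateException("暂不支持的签名算法" + encryptAlgorithm);
        }
        return RsaUtil.sign(privateKey, signatureAlgorithm.name(), content);
    }

    /**
     * Verifies {@code signature} over {@code content} with the public key and the named signature
     * algorithm.
     *
     * @throws IllegalStateException if the algorithm is not RSA
     */
    private boolean verifySignature(String content, String signature, EncryptAlgorithm encryptAlgorithm, PublicKey publicKey, String signatureAlgorithmName) {
        if (EncryptAlgorithm.RSA != encryptAlgorithm) {
            throw new IllegalStateException("暂不支持的签名算法" + encryptAlgorithm);
        }
        return RsaUtil.verifySign(publicKey, signatureAlgorithmName, content, signature);
    }
}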
