package com.elitescloud.boot.web.config.filter;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.text.CharSequenceUtil;
import com.elitescloud.boot.common.CloudtBootLoggerFactory;
import com.elitescloud.boot.exception.BusinessException;
import com.elitescloud.boot.support.CloudtInterceptor;
import com.elitescloud.boot.util.JSONUtil;
import com.elitescloud.boot.web.common.param.ApiSignatureParamIn;
import com.elitescloud.boot.web.common.param.Signature;
import com.elitescloud.boot.web.common.param.SignatureConfigParam;
import com.elitescloud.boot.web.common.param.SignatureModel;
import com.elitescloud.boot.web.common.signature.ApiSignature;
import com.elitescloud.boot.web.common.signature.ApiSignatureProvider;
import com.elitescloud.boot.web.config.WebProperties;
import com.elitescloud.boot.wrapper.CloudtRequestWrapper;
import com.elitescloud.cloudt.common.base.ApiCode;
import com.elitescloud.cloudt.common.base.ApiResult;
import com.elitescloud.cloudt.context.util.HttpServletUtil;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.core.MethodParameter;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.lang.NonNull;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;

@ControllerAdvice
@ConditionalOnProperty(prefix = "elitesland.web.api-sign", name = {"enabled"}, havingValue = "true")
/* loaded from: input_file:com/elitescloud/boot/web/config/filter/ApiSignatureInterceptor.class */
public class ApiSignatureInterceptor implements CloudtInterceptor, ResponseBodyAdvice<Object> {
    private static final Logger logger = CloudtBootLoggerFactory.WEB_SIGN.getLogger(ApiSignatureInterceptor.class);
    private static final Map<Method, ApiSignatureWrapper> API_SIGNATURE_CACHE = new HashMap(1024);
    private final ThreadLocal<ApiSignature> apiSignatureThreadLocal = new ThreadLocal<>();
    private final WebProperties webProperties;
    private final ApiSignatureProvider apiSignatureProvider;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/elitescloud/boot/web/config/filter/ApiSignatureInterceptor$ApiSignatureWrapper.class */
    public static class ApiSignatureWrapper {
        private final Method method;
        private ApiSignature apiSignature;

        public ApiSignatureWrapper(Method method) {
            this.method = method;
            init();
        }

        public ApiSignature getApiSignature() {
            return this.apiSignature;
        }

        private void init() {
            ApiSignature apiSignature = (ApiSignature) this.method.getAnnotation(ApiSignature.class);
            if (apiSignature != null) {
                this.apiSignature = apiSignature;
            } else {
                this.apiSignature = (ApiSignature) this.method.getDeclaringClass().getAnnotation(ApiSignature.class);
            }
        }
    }

    public ApiSignatureInterceptor(WebProperties webProperties, ApiSignatureProvider apiSignatureProvider) {
        this.webProperties = webProperties;
        this.apiSignatureProvider = apiSignatureProvider;
    }

    public boolean preHandle(@NonNull HttpServletRequest httpServletRequest, @NonNull HttpServletResponse httpServletResponse, @NonNull Object obj) throws Exception {
        HandlerMethod handlerMethod;
        ApiSignature obtainApiSignature;
        if (!(obj instanceof HandlerMethod) || Boolean.FALSE.equals(Boolean.valueOf(this.webProperties.getApiSign().isEnabled())) || (obtainApiSignature = obtainApiSignature((handlerMethod = (HandlerMethod) obj))) == null) {
            return true;
        }
        this.apiSignatureThreadLocal.set(obtainApiSignature);
        if (SignatureModel.SIGN == obtainApiSignature.model() || SignatureModel.VERIFY_SIGN != obtainApiSignature.model()) {
            return true;
        }
        try {
            boolean verifySign = verifySign(httpServletRequest);
            logger.debug("验签结果：{}, {}", httpServletRequest.getRequestURI(), Boolean.valueOf(verifySign));
            if (verifySign) {
                return true;
            }
            HttpServletUtil.writeJson(httpServletResponse, ApiResult.fail(ApiCode.SIGNATURE_ERROR, "签名校验不通过"));
            return false;
        } catch (Exception e) {
            logger.error("校验签名异常：{}", handlerMethod.getMethod().getDeclaringClass().getName() + "." + handlerMethod.getMethod().getName(), e);
            HttpServletUtil.writeJson(httpServletResponse, ApiResult.fail(ApiCode.SYSTEM_EXCEPTION, "服务器异常"));
            return false;
        }
    }

    public boolean supports(@NonNull MethodParameter methodParameter, @NonNull Class<? extends HttpMessageConverter<?>> cls) {
        return true;
    }

    public Object beforeBodyWrite(Object obj, @NonNull MethodParameter methodParameter, @NonNull MediaType mediaType, @NonNull Class<? extends HttpMessageConverter<?>> cls, @NonNull ServerHttpRequest serverHttpRequest, @NonNull ServerHttpResponse serverHttpResponse) {
        if (obj != null && (serverHttpRequest instanceof ServletServerHttpRequest) && (serverHttpResponse instanceof ServletServerHttpResponse)) {
            try {
                setSignature(((ServletServerHttpRequest) serverHttpRequest).getServletRequest(), ((ServletServerHttpResponse) serverHttpResponse).getServletResponse(), obj);
            } catch (Exception e) {
                logger.error("设置签名异常：{}", serverHttpRequest.getURI(), e);
            }
        }
        return obj;
    }

    private void setSignature(@NonNull HttpServletRequest httpServletRequest, @NonNull HttpServletResponse httpServletResponse, Object obj) {
        SignatureConfigParam config;
        ApiSignature apiSignature = this.apiSignatureThreadLocal.get();
        this.apiSignatureThreadLocal.remove();
        if (obj == null || apiSignature == null || Boolean.FALSE.equals(Boolean.valueOf(this.webProperties.getApiSign().isEnabled())) || apiSignature.model() != SignatureModel.SIGN) {
            return;
        }
        HttpMethod resolve = HttpMethod.resolve(httpServletRequest.getMethod());
        String requestURI = httpServletRequest.getRequestURI();
        if (this.apiSignatureProvider.needSignature(resolve, requestURI) && (config = this.apiSignatureProvider.getConfig(resolve, requestURI, SignatureModel.SIGN)) != null) {
            Signature sign = this.apiSignatureProvider.sign(resolve, requestURI, JSONUtil.toJsonString(obj), config);
            if (config.getSignatureParamIn() != ApiSignatureParamIn.HEADER) {
                throw new BusinessException("暂不支持的签名位置" + config.getSignatureParamIn());
            }
            httpServletResponse.addHeader(config.getSignatureParamName(), sign.getSiginature());
            if (CollUtil.isNotEmpty(sign.getAdditionalParam())) {
                Map<String, String> additionalParam = sign.getAdditionalParam();
                Objects.requireNonNull(httpServletResponse);
                additionalParam.forEach(httpServletResponse::addHeader);
            }
        }
    }

    private boolean verifySign(HttpServletRequest httpServletRequest) {
        SignatureConfigParam config;
        HttpMethod resolve = HttpMethod.resolve(httpServletRequest.getMethod());
        String requestURI = httpServletRequest.getRequestURI();
        if (!this.apiSignatureProvider.needVerifySignature(resolve, requestURI) || (config = this.apiSignatureProvider.getConfig(resolve, requestURI, SignatureModel.VERIFY_SIGN)) == null) {
            return true;
        }
        String obtainSignature = obtainSignature(config, httpServletRequest);
        if (CharSequenceUtil.isBlank(obtainSignature)) {
            logger.info("未获取到签名：{}", requestURI);
            return false;
        }
        if (!(httpServletRequest instanceof CloudtRequestWrapper)) {
            throw new IllegalStateException("获取请求头异常");
        }
        String bodyString = ((CloudtRequestWrapper) httpServletRequest).getBodyString();
        if (!CharSequenceUtil.isBlank(bodyString)) {
            return this.apiSignatureProvider.verifySign(resolve, requestURI, bodyString, obtainSignature, config);
        }
        logger.warn("验签失败，请求头为空");
        return false;
    }

    private String obtainSignature(SignatureConfigParam signatureConfigParam, HttpServletRequest httpServletRequest) {
        return signatureConfigParam.getSignatureParamIn() == ApiSignatureParamIn.HEADER ? httpServletRequest.getHeader(signatureConfigParam.getSignatureParamName()) : httpServletRequest.getParameter(signatureConfigParam.getSignatureParamName());
    }

    private ApiSignature obtainApiSignature(HandlerMethod handlerMethod) {
        Method method = handlerMethod.getMethod();
        return API_SIGNATURE_CACHE.computeIfAbsent(method, method2 -> {
            return new ApiSignatureWrapper(method);
        }).getApiSignature();
    }
}
