package cn.aotcloud.security.oncetoken.support.simple;

import cn.aotcloud.crypto.pcode.PcodeEncoder;
import cn.aotcloud.logger.LoggerHandle;
import cn.aotcloud.security.oncetoken.OnceProtocol;
import cn.aotcloud.security.oncetoken.RequestToken;
import cn.aotcloud.security.oncetoken.RequestTokenStore;
import cn.aotcloud.security.oncetoken.RequestTokenValidator;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:cn/aotcloud/security/oncetoken/support/simple/SimpleRequestTokenValidator.class */
public class SimpleRequestTokenValidator implements RequestTokenValidator {
    protected LoggerHandle logger = new LoggerHandle(getClass());
    protected final RequestTokenStore requestTokenStore;
    protected final PcodeEncoder pscodeEncoder;
    protected final long timeinterval;
    protected final String requestTokenSalt;

    public SimpleRequestTokenValidator(RequestTokenStore requestTokenStore, PcodeEncoder pcodeEncoder, long j, String str) {
        this.requestTokenStore = requestTokenStore;
        this.pscodeEncoder = pcodeEncoder;
        this.timeinterval = j;
        this.requestTokenSalt = str;
    }

    @Override // cn.aotcloud.security.oncetoken.RequestTokenValidator
    public boolean support(RequestToken requestToken) {
        return requestToken != null && (StringUtils.isBlank(requestToken.getProtocol()) || StringUtils.equalsIgnoreCase(requestToken.getProtocol(), OnceProtocol.simple.name()));
    }

    @Override // cn.aotcloud.security.oncetoken.RequestTokenValidator
    public void validate(RequestToken requestToken) throws cn.aotcloud.security.oncetoken.II11iIiI {
        if (requestToken != null) {
            isValidTimestamp(requestToken.getCreateTime());
            isValidNonce(requestToken.getToken());
            isValidSign(requestToken);
        }
    }

    protected void isValidTimestamp(Long l) {
        if (l != null && Math.abs(System.currentTimeMillis() - l.longValue()) <= this.timeinterval) {
            return;
        }
        this.logger.error(false, "防重放拦截：请求令牌时间戳不合法");
        throw new cn.aotcloud.security.oncetoken.II11iIiI("防重放拦截：请求令牌时间戳不合法");
    }

    protected void isValidNonce(String str) {
        RequestToken token = this.requestTokenStore.getToken(str);
        if (StringUtils.isNotBlank(str) && (token == null || token.isExpired())) {
            return;
        }
        this.logger.error(false, "防重放拦截：请求令牌已经被使用过");
        throw new cn.aotcloud.security.oncetoken.II11iIiI("防重放拦截：请求令牌已经被使用过");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void isValidSign(RequestToken requestToken) {
        if (this.pscodeEncoder.matches(getRequestTokenAsStr(requestToken), requestToken.getSign())) {
            return;
        }
        this.logger.error(false, "防重放拦截：请求令牌签名摘要不合法");
        throw new cn.aotcloud.security.oncetoken.II11iIiI("防重放拦截：请求令牌签名摘要不合法");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getRequestTokenAsStr(RequestToken requestToken) {
        return String.join(",", requestToken.getCreateTime().toString(), requestToken.getToken());
    }
}
