package cn.fscode.common.security.signature.servlet.manager;

import cn.fscode.common.core.utils.servlet.ServletUtils;
import cn.fscode.common.redis.utils.RedisUtils;
import cn.fscode.common.security.signature.common.config.SignatureProperties;
import cn.fscode.common.security.signature.common.constants.SignatureConstants;
import cn.fscode.common.security.signature.common.hanlder.SignatureHandler;
import cn.fscode.common.security.signature.common.model.SignatureData;
import cn.fscode.common.security.signature.servlet.annotations.ApiSignature;
import cn.fscode.common.tool.core.RegexUtils;
import cn.fscode.common.tool.core.StringUtils;
import cn.fscode.common.tool.crypto.SignUtils;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.RSA;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactoryUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerExecutionChain;
import org.springframework.web.servlet.HandlerMapping;

@Component
/* loaded from: input_file:cn/fscode/common/security/signature/servlet/manager/ServletApiSignatureManagerImpl.class */
public class ServletApiSignatureManagerImpl implements ServletApiSignatureManager {
    private static final Logger log = LoggerFactory.getLogger(ServletApiSignatureManagerImpl.class);

    @Resource
    private SignatureHandler signatureHandler;

    @Resource
    private ApplicationContext applicationContext;

    @Resource
    private SignatureProperties signatureProperties;
    private List<HandlerMapping> handlerMappings;

    @PostConstruct
    public void init() {
        Map beansOfTypeIncludingAncestors = BeanFactoryUtils.beansOfTypeIncludingAncestors(this.applicationContext, HandlerMapping.class, true, false);
        if (beansOfTypeIncludingAncestors.isEmpty()) {
            return;
        }
        this.handlerMappings = new ArrayList(beansOfTypeIncludingAncestors.values());
        AnnotationAwareOrderComparator.sort(this.handlerMappings);
    }

    @Override // cn.fscode.common.security.signature.servlet.manager.ServletApiSignatureManager
    public boolean isCheckSign(HttpServletRequest httpServletRequest) {
        try {
            if (!this.signatureProperties.isEnabled()) {
                return false;
            }
            Object handler = getHandler(httpServletRequest).getHandler();
            String requestURI = httpServletRequest.getRequestURI();
            if (!(handler instanceof HandlerMethod)) {
                return false;
            }
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            if (null != ((ApiSignature) handlerMethod.getMethodAnnotation(ApiSignature.class))) {
                return true;
            }
            if (null == ((ApiSignature) handlerMethod.getBeanType().getAnnotation(ApiSignature.class))) {
                return RegexUtils.matches(requestURI, this.signatureProperties.getAddPaths());
            }
            return false;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    protected HandlerExecutionChain getHandler(HttpServletRequest httpServletRequest) throws Exception {
        if (this.handlerMappings == null) {
            return null;
        }
        for (HandlerMapping handlerMapping : this.handlerMappings) {
            if (log.isTraceEnabled()) {
                log.trace("Testing handler map [" + handlerMapping + "] in DispatcherServlet with name ''");
            }
            HandlerExecutionChain handler = handlerMapping.getHandler(httpServletRequest);
            if (handler != null) {
                return handler;
            }
        }
        return null;
    }

    private SignatureData getSignData(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(SignatureConstants.RequestHeader.TIME_STAMP);
        return SignatureData.builder().timeStamp(("null".equals(header) || StringUtils.isEmpty(header)) ? -1L : Long.parseLong(header)).key(httpServletRequest.getHeader(SignatureConstants.RequestHeader.KEY)).nonce(httpServletRequest.getHeader(SignatureConstants.RequestHeader.NONCE)).sign(httpServletRequest.getHeader(SignatureConstants.RequestHeader.SIGN)).build();
    }

    @Override // cn.fscode.common.security.signature.servlet.manager.ServletApiSignatureManager
    public void verifySign(HttpServletRequest httpServletRequest) {
        try {
            SignatureData signData = getSignData(httpServletRequest);
            if (!signData.check()) {
                httpServletRequest.setAttribute(SignatureConstants.CHECK_SIGN_FAIL_KEY, this.signatureHandler.checkParamFail());
                return;
            }
            Map allParams = ServletUtils.getAllParams(httpServletRequest);
            try {
                SignatureProperties.Rsa rsa = this.signatureProperties.getRsa();
                if (!SignUtils.checkSign(allParams, String.valueOf(signData.getTimeStamp()), signData.getNonce(), signData.getSign(), StrUtil.str(new RSA(rsa.getPrivateKey(), rsa.getPublicKey()).decrypt(signData.getKey(), KeyType.PrivateKey), CharsetUtil.CHARSET_UTF_8)).booleanValue()) {
                    httpServletRequest.setAttribute(SignatureConstants.CHECK_SIGN_FAIL_KEY, this.signatureHandler.invalidSign());
                }
            } catch (Exception e) {
                httpServletRequest.setAttribute(SignatureConstants.CHECK_SIGN_FAIL_KEY, this.signatureHandler.decryptSecretKeyFail());
            }
        } catch (Exception e2) {
            log.error("sign check fail: {}", e2.getMessage());
            log.debug("error: ", e2);
            httpServletRequest.setAttribute(SignatureConstants.CHECK_SIGN_FAIL_KEY, this.signatureHandler.invalidSign());
        }
    }

    private boolean isRepeatedSubmit(String str) throws Exception {
        String str2 = "sign:" + str;
        if (RedisUtils.StringOps.get(str2) != null) {
            return true;
        }
        RedisUtils.StringOps.setEx(str2, "", 60L);
        return false;
    }
}
