package cn.oever.signature.service;

import cn.oever.signature.annotation.Signature;
import cn.oever.signature.annotation.SignedAppId;
import cn.oever.signature.annotation.SignedEntity;
import cn.oever.signature.annotation.SignedIgnore;
import cn.oever.signature.annotation.SignedMapping;
import cn.oever.signature.annotation.SignedNonce;
import cn.oever.signature.annotation.SignedTimestamp;
import cn.oever.signature.exception.SignedException;
import cn.oever.signature.util.RedisUtil;
import java.lang.annotation.Annotation;
import java.lang.reflect.Field;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Primary;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.stereotype.Component;

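/**
 * Spring AOP aspect that verifies an HMAC request signature before a
 * {@link SignedMapping}-annotated handler runs.
 *
 * <p>For the first handler argument whose class carries {@link SignedEntity}, the aspect
 * reads the app id, timestamp, nonce and signature from annotated fields, checks the
 * timestamp window, recomputes the MAC over the entity's non-ignored declared fields and
 * compares it with the presented signature, then records the request in a Redis-backed
 * replay cache.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The default algorithm is {@code HmacSHA1}. HMAC-SHA1 is not known to be broken for
 *       MAC use, but {@code HmacSHA256} is the usual choice for new deployments; client and
 *       server must be configured identically.</li>
 *   <li>Only fields declared directly on the entity class are signed
 *       ({@code getDeclaredFields()}); fields inherited from a superclass are not covered
 *       by the signature.</li>
 *   <li>App secrets are read from Redis using the app id as the key (see
 *       {@link #getAppSecret(String)}).</li>
 * </ul>
 */
@Aspect
@Component
@Primary
public class BaseSignedService {

    /** JCA MAC algorithm name, used for both the key spec and {@link Mac#getInstance(String)}. */
    @Value("${oever.signature.algorithm:HmacSHA1}")
    private String ALGORITHM;

    /** Maximum accepted difference between the request timestamp and server time, in seconds. */
    @Value("${oever.signature.time-diff-max:10}")
    private long TIME_DIFF_MAX;

    /** Optional at wiring time, but required by the secret lookup and the replay cache. */
    @Autowired(required = false)
    private RedisUtil redisUtil;

    /** Key prefix of replay-cache entries. */
    private static final String PREFIX = "oever:signature:";

    /** Matches methods annotated with {@link SignedMapping} or declared in a class that is. */
    @Pointcut("@within(cn.oever.signature.annotation.SignedMapping) || @annotation(cn.oever.signature.annotation.SignedMapping) ")
    public void mapping() {
    }

    /**
     * Runs signature verification for the first {@link SignedEntity} argument of the
     * intercepted method, provided the mapping's {@code value()} names this exact class.
     *
     * <p>NOTE(review): when no argument carries {@link SignedEntity}, or the mapping names a
     * different service class, this advice returns without verifying anything. A handler
     * annotated with {@link SignedMapping} but lacking a signed entity argument is therefore
     * reachable unsigned; consider failing closed for that case.
     *
     * @param joinPoint the intercepted invocation
     * @throws Exception any verification failure raised by {@link #entry(Object)}
     */
    @Before("mapping() ")
    public void before(JoinPoint joinPoint) throws Exception {
        // NOTE(review): as listed, getSignature() is not narrowed before getMethod() is
        // called; the original source presumably casts to AspectJ's MethodSignature - confirm.
        SignedMapping signedMapping = AnnotationUtils.findAnnotation(joinPoint.getSignature().getMethod(), SignedMapping.class);
        if (signedMapping == null) {
            signedMapping = AnnotationUtils.findAnnotation(joinPoint.getTarget().getClass(), SignedMapping.class);
        }
        Objects.requireNonNull(signedMapping, "SignedMapping annotation not found on intercepted method or class");
        if (!getClass().equals(signedMapping.value())) {
            return;
        }
        for (Object arg : joinPoint.getArgs()) {
            // A null argument is rejected, not skipped: skipping it could let a request
            // whose signed entity is absent reach the handler unverified.
            Objects.requireNonNull(arg, "null argument on a signed mapping");
            if (AnnotationUtils.findAnnotation(arg.getClass(), SignedEntity.class) != null) {
                entry(arg);
                return;
            }
        }
    }

    /**
     * Verifies one signed entity: timestamp window, signature, then replay cache.
     *
     * <p>The signature is verified before the replay cache is touched, so requests that
     * fail authentication never cause a Redis write, and the cached value is always a
     * signature that verified.
     *
     * @param obj the signed entity
     * @throws SignedException.NullParam if a required annotated field is missing or null
     * @throws SignedException.TimestampError if the timestamp is outside the window
     * @throws SignedException.SignatureError if the presented signature does not match
     * @throws SignedException.ReplayAttack if the same request was already accepted
     * @throws Exception on reflection or MAC set-up failure
     */
    public void entry(Object obj) throws Exception {
        Map<String, Object> signedFields = object2Map(obj);
        String appId = (String) requireParam(obj, SignedAppId.class);
        long timestamp = ((Long) requireParam(obj, SignedTimestamp.class)).longValue();
        int nonce = ((Integer) requireParam(obj, SignedNonce.class)).intValue();
        String presented = (String) requireParam(obj, Signature.class);

        isTimeDiffLarge(timestamp);

        String expected = getSignature(appId, signedFields);
        // Constant-time comparison: String.equals returns at the first differing
        // character, which leaks how much of the MAC matched through response timing.
        boolean matches = MessageDigest.isEqual(
                StringUtils.getBytesUtf8(presented), StringUtils.getBytesUtf8(expected));
        if (!matches) {
            throw new SignedException.SignatureError(presented);
        }

        isReplayAttack(appId, timestamp, nonce, presented);
    }

    /**
     * Collects the entity's declared fields that are not marked {@link SignedIgnore}.
     *
     * <p>Only {@code getDeclaredFields()} is consulted, so inherited fields are not part of
     * the signed content; static and compiler-generated fields of the class are.
     *
     * @param obj the entity, or {@code null}
     * @return field name to value; empty when {@code obj} is {@code null}
     * @throws SignedException.NullParam if a non-ignored field is {@code null}
     * @throws IllegalAccessException if a field cannot be read
     */
    public Map<String, Object> object2Map(Object obj) throws IllegalAccessException {
        Map<String, Object> fields = new HashMap<>();
        if (obj == null) {
            return fields;
        }
        for (Field field : obj.getClass().getDeclaredFields()) {
            field.setAccessible(true);
            if (AnnotationUtils.findAnnotation(field, SignedIgnore.class) != null) {
                continue;
            }
            Object value = field.get(obj);
            if (value == null) {
                throw new SignedException.NullParam(field.getName());
            }
            fields.put(field.getName(), value);
        }
        return fields;
    }

    /**
     * Returns the value of the first declared field carrying the given annotation.
     *
     * @param obj the entity to inspect
     * @param cls the marker annotation to look for
     * @return the field value, or {@code null} when no field carries the annotation or the
     *     annotated field itself is {@code null}
     * @throws IllegalAccessException if the field cannot be read
     */
    public final Object getParamByAnnotation(Object obj, Class<? extends Annotation> cls) throws IllegalAccessException {
        for (Field field : obj.getClass().getDeclaredFields()) {
            field.setAccessible(true);
            if (AnnotationUtils.findAnnotation(field, cls) != null) {
                return field.get(obj);
            }
        }
        return null;
    }

    /**
     * Like {@link #getParamByAnnotation(Object, Class)}, but rejects a missing or null value
     * with a {@link SignedException.NullParam} instead of letting callers dereference null.
     */
    private Object requireParam(Object obj, Class<? extends Annotation> cls) throws IllegalAccessException {
        Object value = getParamByAnnotation(obj, cls);
        if (value == null) {
            throw new SignedException.NullParam(cls.getSimpleName());
        }
        return value;
    }

    /** Returns the Redis helper, failing with a clear message when the optional bean is absent. */
    private RedisUtil requireRedis() {
        if (this.redisUtil == null) {
            throw new IllegalStateException("RedisUtil is not configured; signature verification cannot run");
        }
        return this.redisUtil;
    }

    /**
     * Looks up the shared secret for an app id.
     *
     * <p>The id is used verbatim as the Redis key, so the secret lookup shares a keyspace
     * with the replay cache. Ids inside the replay-cache namespace are rejected so that a
     * cache entry can never be returned as a secret. NOTE(review): storing secrets under
     * their own key prefix would separate the two keyspaces properly; whether
     * {@code RedisUtil} already namespaces keys is not visible here.
     *
     * @param str the app id presented by the caller
     * @return the app secret
     * @throws SignedException.AppIdInvalid if the id is null, reserved or unknown
     */
    public String getAppSecret(String str) {
        if (str == null || str.startsWith(PREFIX)) {
            throw new SignedException.AppIdInvalid(str);
        }
        String secret = requireRedis().get(str);
        if (secret == null) {
            throw new SignedException.AppIdInvalid(str);
        }
        return secret;
    }

    /**
     * Rejects timestamps further than {@code TIME_DIFF_MAX} seconds from server time.
     *
     * @param j request timestamp in epoch seconds
     * @throws SignedException.TimestampError if the timestamp is outside the window
     */
    public void isTimeDiffLarge(long j) {
        long nowSeconds = System.currentTimeMillis() / 1000;
        long diff = j - nowSeconds;
        // Both bounds are compared explicitly instead of via Math.abs, because
        // Math.abs(Long.MIN_VALUE) is negative and would pass a "> max" test.
        if (diff > this.TIME_DIFF_MAX || diff < -this.TIME_DIFF_MAX) {
            throw new SignedException.TimestampError(diff + "");
        }
    }

    /**
     * Rejects a request whose (app id, timestamp, nonce) was already recorded with the same
     * signature, otherwise records it.
     *
     * <p>NOTE(review): the get followed by set is not atomic, so two identical requests
     * arriving concurrently can both pass; an atomic set-if-absent would close that gap if
     * {@code RedisUtil} offers one.
     *
     * @param str app id
     * @param j request timestamp
     * @param i request nonce
     * @param str2 presented signature
     * @throws SignedException.ReplayAttack if the same signature is already cached for the key
     */
    public void isReplayAttack(String str, long j, int i, String str2) {
        RedisUtil redis = requireRedis();
        String cacheKey = PREFIX + str + "_" + j + "_" + i;
        String cached = redis.get(cacheKey);
        if (cached != null && str2.equals(cached)) {
            throw new SignedException.ReplayAttack(str, j, i);
        }
        // A timestamp up to TIME_DIFF_MAX ahead of server time stays acceptable for
        // 2 * TIME_DIFF_MAX, so the entry must live at least that long or it expires while
        // the request can still be replayed. Assumes the TTL argument uses the same unit
        // as TIME_DIFF_MAX (seconds), as the original call did - TODO confirm in RedisUtil.
        redis.set(cacheKey, str2, Long.valueOf(2 * this.TIME_DIFF_MAX));
    }

    /**
     * Computes the Base64-encoded MAC over the canonical form of the signed fields.
     *
     * <p>The canonical form is {@code key=value} pairs sorted by key and joined with
     * {@code &}. Keys and values are not escaped, so a value containing {@code &} or
     * {@code =} can yield the same canonical string as a different set of fields, and
     * values are rendered through {@code toString()}. Changing the encoding would
     * invalidate signatures produced by existing clients, so this is flagged, not changed.
     *
     * @param str app id whose secret keys the MAC
     * @param map field name to value; keys must be strings
     * @return Base64 text of the MAC
     * @throws IllegalArgumentException if there are no fields to sign
     * @throws NoSuchAlgorithmException if the configured algorithm is unavailable
     * @throws InvalidKeyException if the secret is not a valid key for the algorithm
     */
    public String getSignature(String str, Map map) throws NoSuchAlgorithmException, InvalidKeyException {
        String appSecret = getAppSecret(str);

        // The parameter stays a raw Map to keep the method signature unchanged; entries
        // are copied into a typed, key-sorted map here.
        TreeMap<String, Object> sorted = new TreeMap<>();
        for (Object element : map.entrySet()) {
            Map.Entry<?, ?> entry = (Map.Entry<?, ?>) element;
            sorted.put((String) entry.getKey(), entry.getValue());
        }
        if (sorted.isEmpty()) {
            // The original failed here with an index error; fail closed with a clear message.
            throw new IllegalArgumentException("no fields to sign");
        }

        StringBuilder canonical = new StringBuilder();
        for (Map.Entry<String, Object> entry : sorted.entrySet()) {
            if (canonical.length() > 0) {
                canonical.append('&');
            }
            canonical.append(entry.getKey()).append('=').append(entry.getValue());
        }

        SecretKeySpec key = new SecretKeySpec(StringUtils.getBytesUtf8(appSecret), this.ALGORITHM);
        Mac mac = Mac.getInstance(this.ALGORITHM);
        mac.init(key);
        return Base64.encodeBase64String(mac.doFinal(StringUtils.getBytesUtf8(canonical.toString())));
    }
}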
