package com.gccloud.gcpaas.core.utils;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.digest.HmacAlgorithms;
import org.apache.commons.codec.digest.HmacUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:com/gccloud/gcpaas/core/utils/SignUtils.class */
public class SignUtils {
    public static final String U_APP_KEY = "gcpaas-appKey";
    public static final String U_ONCE = "gcpaas-once";
    public static final String U_TIMESTAMP = "gcpaas-timestamp";
    public static final String U_SIGNATURE = "gcpaas-signature";
    public static final long TIME_OUT = 1000;
    private static final Logger log = LoggerFactory.getLogger(SignUtils.class);
    private static final Cache<String, Boolean> ONCE_KEY_CACHE = Caffeine.newBuilder().expireAfterWrite(1000, TimeUnit.MILLISECONDS).build();

    public static String sign(Map<String, String> map, String str) {
        String str2 = map.get(U_APP_KEY);
        Assert.isTrue(StringUtils.isNotBlank(str2), "gcpaas-appKey为空");
        String str3 = map.get(U_ONCE);
        Assert.isTrue(StringUtils.isNotBlank(str3), "gcpaas-once为空");
        String str4 = map.get(U_TIMESTAMP);
        Assert.isTrue(StringUtils.isNotBlank(str4), "gcpaas-timestamp为空");
        return new HmacUtils(HmacAlgorithms.HMAC_SHA_256, str).hmacHex(str2 + str3 + str4);
    }

    public static void validateSign(HttpServletRequest httpServletRequest, String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(U_APP_KEY, httpServletRequest.getHeader(U_APP_KEY));
        hashMap.put(U_TIMESTAMP, httpServletRequest.getHeader(U_TIMESTAMP));
        hashMap.put(U_ONCE, httpServletRequest.getHeader(U_ONCE));
        hashMap.put(U_SIGNATURE, httpServletRequest.getHeader(U_SIGNATURE));
        validateSign(hashMap, str);
    }

    public static void validateSign(Map<String, String> map, String str) {
        String str2 = map.get(U_APP_KEY);
        Assert.isTrue(StringUtils.isNotBlank(str2), "gcpaas-appKey为空");
        String str3 = map.get(U_TIMESTAMP);
        Assert.isTrue(StringUtils.isNotBlank(str3), "gcpaas-timestamp为空");
        long parseLong = Long.parseLong(str3);
        Assert.isTrue(Math.abs(System.currentTimeMillis() - parseLong) <= 1000, "gcpaas-timestamp已过期或服务器时间不同步");
        String str4 = map.get(U_ONCE);
        Assert.isTrue(StringUtils.isNotBlank(str4), "gcpaas-once为空");
        String str5 = map.get(U_SIGNATURE);
        Assert.isTrue(StringUtils.isNotBlank(str5), "gcpaas-signature为空");
        Assert.isTrue(str5.equals(new HmacUtils(HmacAlgorithms.HMAC_SHA_256, str).hmacHex(str2 + str4 + parseLong)), "签名不一致");
        Assert.isTrue(((Boolean) ONCE_KEY_CACHE.getIfPresent(str4)) == null, "非法重放攻击");
        ONCE_KEY_CACHE.put(str4, true);
    }
}
