package top.binfast.common.encrypt.core;

import cn.hutool.cache.CacheUtil;
import cn.hutool.cache.impl.TimedCache;
import cn.hutool.core.annotation.AnnotationUtil;
import cn.hutool.core.date.DateUnit;
import cn.hutool.core.util.StrUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Type;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.core.MethodParameter;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpInputMessage;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.lang.Nullable;
import org.springframework.util.StreamUtils;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;
import top.binfast.common.core.exception.PlatformException;
import top.binfast.common.encrypt.annotation.ApiDecrypt;
import top.binfast.common.encrypt.model.DecryptHttpInputMessage;
import top.binfast.common.encrypt.utils.EncryptUtils;

@ControllerAdvice
@ConditionalOnProperty(value = {"security.encrypt.enable"}, havingValue = "true", matchIfMissing = true)
@Order(1)
/* loaded from: input_file:top/binfast/common/encrypt/core/ApiDecryptRequestBodyAdvice.class */
public class ApiDecryptRequestBodyAdvice implements RequestBodyAdvice {
    private static final Logger log = LoggerFactory.getLogger(ApiDecryptRequestBodyAdvice.class);
    static TimedCache<String, String> cache = CacheUtil.newTimedCache(DateUnit.MINUTE.getMillis() * 5);

    public boolean supports(MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> cls) {
        return AnnotationUtil.hasAnnotation(methodParameter.getMethod(), ApiDecrypt.class);
    }

    @Nullable
    public Object handleEmptyBody(@Nullable Object obj, HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> cls) {
        return obj;
    }

    public HttpInputMessage beforeBodyRead(HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> cls) throws IOException {
        if (methodParameter.getMethod() == null) {
            return httpInputMessage;
        }
        InputStream body = httpInputMessage.getBody();
        if (body.available() <= 0) {
            return httpInputMessage;
        }
        if (((ApiDecrypt) AnnotatedElementUtils.findMergedAnnotation(methodParameter.getMethod(), ApiDecrypt.class)) == null) {
            throw new PlatformException("获取解密注解配置为空");
        }
        HttpHeaders headers = httpInputMessage.getHeaders();
        String fromHead = EncryptUtils.getFromHead(headers, "sign");
        byte[] copyToByteArray = StreamUtils.copyToByteArray(body);
        if (!EncryptUtils.getSHA256Str(StrUtil.str(copyToByteArray, StandardCharsets.UTF_8)).equals(fromHead)) {
            throw new PlatformException("数据签名错误！");
        }
        String fromHead2 = EncryptUtils.getFromHead(headers, "appId", false);
        String fromHead3 = EncryptUtils.getFromHead(headers, "nonce");
        String fromHead4 = EncryptUtils.getFromHead(headers, "timestamp");
        String fromHead5 = EncryptUtils.getFromHead(headers, "appSign");
        long currentTimeMillis = System.currentTimeMillis();
        if (fromHead4 == null || ((currentTimeMillis - Long.parseLong(fromHead4)) / 1000) / 60 >= 5) {
            throw new PlatformException("请求过期！");
        }
        if (Objects.nonNull((String) cache.get(fromHead2 + "_" + fromHead3, false))) {
            throw new PlatformException("请求失效！");
        }
        cache.put(fromHead2 + "_" + fromHead3, "1");
        HashMap hashMap = new HashMap();
        hashMap.put("appId", fromHead2);
        hashMap.put("nonce", fromHead3);
        hashMap.put("timestamp", fromHead4);
        hashMap.put("sign", fromHead);
        try {
            if (EncryptUtils.rsaVerifySignature(EncryptUtils.buildSignStr(hashMap, EncryptUtils.getAppSecret(fromHead2)), EncryptUtils.getAppPublicKey(fromHead2), fromHead5)) {
                return new DecryptHttpInputMessage(new ByteArrayInputStream(copyToByteArray), headers);
            }
            throw new PlatformException("公钥验签错误！");
        } catch (Exception e) {
            throw new PlatformException("公钥验签出现问题错误！" + e.getMessage());
        }
    }

    public Object afterBodyRead(Object obj, HttpInputMessage httpInputMessage, MethodParameter methodParameter, Type type, Class<? extends HttpMessageConverter<?>> cls) {
        return obj;
    }

    static {
        cache.schedulePrune(DateUnit.MINUTE.getMillis() * 10);
    }
}
