package fun.tusi.sign.aspect;

import cn.hutool.crypto.SecureUtil;
import cn.hutool.extra.servlet.ServletUtil;
import fun.tusi.sign.annotation.SignatureCat;
import fun.tusi.sign.config.SignatureCatProperties;
import fun.tusi.sign.service.AppService;
import fun.tusi.sign.service.SignCommonService;
import fun.tusi.sign.service.SignatureCatException;
import fun.tusi.sign.util.ApiSignUtils4Sha;
import fun.tusi.sign.util.JsonUtils;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.validation.ConstraintViolation;
import javax.validation.Validator;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.core.annotation.Order;
import org.springframework.http.InvalidMediaTypeException;
import org.springframework.http.MediaType;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

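/**
 * Around-advice that verifies the request signature of every handler method annotated with
 * {@link SignatureCat} before the method is allowed to run.
 *
 * <p>What is covered by the signature, as implemented in {@link #doAround}:
 * <ul>
 *   <li>the first value of every request parameter,</li>
 *   <li>the app id, {@code nonce} and {@code timestamp} headers, the HTTP method and the servlet
 *       path (these overwrite request parameters of the same name),</li>
 *   <li>for JSON requests only, the {@code content-md5} header, which is first compared with
 *       the MD5 of the request body.</li>
 * </ul>
 *
 * <p>NOTE(review): additional values of a repeated parameter, and a raw body sent with a
 * non-JSON content type, are not part of the signed data. Handlers that read either should be
 * checked against that assumption.
 */
@Aspect
@Order(-100)
/* loaded from: input_file:fun/tusi/sign/aspect/SignatureCatAspect.class */
public class SignatureCatAspect {
    private static final Logger log = LoggerFactory.getLogger(SignatureCatAspect.class);

    // Used only as a fallback to look up an AppService bean when the app secret is not configured.
    @Autowired
    ApplicationContext applicationContext;

    // Bean Validation entry point; applied to the JSON target argument after it is re-populated.
    @Autowired
    Validator validator;

    // Provides the timestamp-tolerance check and the check applied to the raw sign header.
    @Autowired
    SignCommonService signCommonService;

    // Digest settings: tolerance, algorithm and the appid -> secret table.
    @Autowired
    SignatureCatProperties signatureCatProperties;

    /**
     * Matches any method carrying {@link SignatureCat} and binds the annotation instance.
     *
     * @param signatureCat the annotation found on the intercepted method
     */
    @Pointcut("@annotation(signatureCat)")
    public void pointCut(SignatureCat signatureCat) {
    }

    /**
     * Verifies the signature of the current HTTP request and, only if it is valid, proceeds to
     * the intercepted method.
     *
     * @param proceedingJoinPoint the intercepted invocation
     * @param signatureCat the annotation on the intercepted method; its {@code jsonTarget()} names
     *     the argument type that is re-populated from the verified JSON body
     * @return whatever the intercepted method returns
     * @throws SignatureCatException if no servlet request is bound, the content type is missing or
     *     unparsable, a signature header is missing, the timestamp or sign check fails, no secret
     *     can be resolved, or the signature does not verify
     * @throws Throwable anything thrown by the intercepted method
     */
    @Around("pointCut(signatureCat)")
    public Object doAround(ProceedingJoinPoint proceedingJoinPoint, SignatureCat signatureCat) throws Throwable {
        log.info("<SignatureCat doAround in>");

        // getRequestAttributes() returns null outside a request thread; fail closed with a
        // signature error rather than a NullPointerException.
        Object attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes)) {
            throw new SignatureCatException("签名验证失败，当前线程未绑定 HTTP 请求");
        }
        HttpServletRequest request = ((ServletRequestAttributes) attributes).getRequest();

        String contentType = request.getContentType();
        if (!StringUtils.hasText(contentType)) {
            throw new SignatureCatException("签名验证失败，ContentType 获取失败");
        }

        // Keep this try limited to the parse: an InvalidMediaTypeException thrown later by the
        // intercepted method must not be reported as a signature failure.
        MediaType mediaType;
        try {
            mediaType = MediaType.parseMediaType(contentType);
        } catch (InvalidMediaTypeException e) {
            throw new SignatureCatException("签名验证失败，ContentType = " + contentType + "，解析失败");
        }

        String appId = request.getHeader(ApiSignUtils4Sha.APPID_KEY);
        String nonce = request.getHeader("nonce");
        String timestamp = request.getHeader("timestamp");
        String sign = request.getHeader("sign");
        String method = request.getMethod();
        String servletPath = request.getServletPath();
        if (!StringUtils.hasText(appId) || !StringUtils.hasText(nonce)
                || !StringUtils.hasText(timestamp) || !StringUtils.hasText(sign)) {
            throw new SignatureCatException("签名验证失败，签名元参数（appid、nonce、timestamp、sign）获取失败");
        }

        // NOTE(review): both checks below run before the signature itself is verified. If
        // checkSign records the value it is given (for replay detection), confirm that an
        // unverified request cannot affect what it stores.
        if (!this.signCommonService.checkTimestampTolerant(timestamp, this.signatureCatProperties.getDigest().getTolerant())) {
            throw new SignatureCatException("签名验证失败，timestamp 无效");
        }
        if (!this.signCommonService.checkSign(sign, this.signatureCatProperties.getDigest().getTolerant()).booleanValue()) {
            throw new SignatureCatException("签名验证失败，sign 无效");
        }

        // Only the FIRST value of each parameter enters the signed data; a parameter without
        // values is signed as the empty string.
        Map<String, String> signData = request.getParameterMap().entrySet().stream()
                .collect(Collectors.toMap(Map.Entry::getKey, entry -> {
                    String[] values = entry.getValue();
                    return (values == null || values.length <= 0) ? "" : values[0];
                }));
        // Header-derived values are written last so a request parameter with the same name
        // cannot replace them.
        signData.put(ApiSignUtils4Sha.APPID_KEY, appId);
        signData.put("method", method);
        signData.put("path", servletPath);
        signData.put("nonce", nonce);
        signData.put("timestamp", timestamp);
        if (mediaType.includes(MediaType.APPLICATION_JSON)) {
            signData.put("content-md5", checkJson(request, proceedingJoinPoint.getArgs(), signatureCat.jsonTarget()));
        }
        // Request parameters may carry sensitive values, so they are not written at INFO.
        log.debug("[验签]signDataMap = {}", signData);

        // Secret lookup: configured table first, then the application's AppService bean.
        String secret = this.signatureCatProperties.getDigest().getApps().get(appId);
        if (!StringUtils.hasText(secret)) {
            try {
                secret = this.applicationContext.getBean(AppService.class).getAppSecret(appId);
            } catch (NoSuchBeanDefinitionException e) {
                throw new SignatureCatException("签名验证失败，未提供 " + AppService.class.getName() + " 接口实现类");
            }
        }
        if (!StringUtils.hasText(secret)) {
            throw new SignatureCatException("签名验证失败，secret获取失败（请使用 配置文件 或 实现AppService接口 的方式配置）");
        }

        // The parameter type of ApiSignUtils4Sha.verify is not visible from this class, so the
        // map is passed raw exactly as before.
        // NOTE(review): confirm that verify compares the expected and supplied signature in
        // constant time.
        @SuppressWarnings({"rawtypes", "unchecked"})
        boolean verified = ApiSignUtils4Sha.verify(
                secret, this.signatureCatProperties.getDigest().getAlgorithm(), sign, (Map) signData);
        if (!verified) {
            throw new SignatureCatException("签名验证失败，sign 验证失败");
        }

        log.info("<SignatureCat doAround out>");
        return proceedingJoinPoint.proceed();
    }

    /**
     * Checks that the {@code content-md5} header equals the MD5 of the request body, then
     * re-populates and validates every argument that is an instance of {@code cls} from that body.
     *
     * <p>NOTE(review): the body digest is MD5, so the integrity of a signed JSON body is no
     * stronger than MD5. This also presumably relies on the request body being re-readable at
     * this point; confirm a caching request wrapper is installed.
     *
     * @param httpServletRequest the current request
     * @param objArr the arguments of the intercepted method; matching elements are updated in place
     * @param cls the type of the argument(s) bound to the JSON body
     * @return the {@code content-md5} header value, for inclusion in the signed data
     * @throws SignatureCatException if the header is missing, does not match the body, or the
     *     re-populated argument violates its validation constraints
     */
    private String checkJson(HttpServletRequest httpServletRequest, Object[] objArr, Class<?> cls) {
        String claimedMd5 = httpServletRequest.getHeader("content-md5");
        if (!StringUtils.hasText(claimedMd5)) {
            throw new SignatureCatException("签名验证失败，Content-Type=application/json 时，需传递 content-md5 参数");
        }

        String body = ServletUtil.getBody(httpServletRequest);
        // Full request bodies can contain credentials or personal data; keep them out of INFO logs.
        log.debug("[验签]jsonData = \n{}", body);
        String computedMd5 = SecureUtil.md5(body);
        log.info("[验签]outJsonContentMd5 = {}", computedMd5);
        if (!computedMd5.equals(claimedMd5)) {
            // Argument order follows the labels: jsonContentMd5 is the header value,
            // outJsonContentMd5 the digest computed here (same label as the INFO line above).
            log.warn("[验签]md5不一致，jsonContentMd5 = {},outJsonContentMd5 = {}", claimedMd5, computedMd5);
            throw new SignatureCatException("签名验证失败，content-md5 和提交内容的md5值不一致");
        }

        for (Object arg : objArr) {
            if (arg == null || !cls.isInstance(arg)) {
                continue;
            }
            // Overwrite the already-bound argument with values parsed from the body that was just
            // checked, so the handler works on the verified content.
            BeanUtils.copyProperties(JsonUtils.toBean(body, arg.getClass()), arg);
            Set<ConstraintViolation<Object>> violations = this.validator.validate(arg);
            if (!violations.isEmpty()) {
                StringBuilder message = new StringBuilder();
                for (ConstraintViolation<Object> violation : violations) {
                    message.append(violation.getPropertyPath().toString());
                    message.append(violation.getMessage());
                }
                throw new SignatureCatException(message.toString());
            }
        }
        return claimedMd5;
    }
}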
