package com.cyberway.msf.commons.auth.service.impl;

import com.alibaba.fastjson.JSON;
import com.cyberway.msf.commons.api.result.ApiResultCode;
import com.cyberway.msf.commons.auth.model.AppSignInfo;
import com.cyberway.msf.commons.auth.model.SignType;
import com.cyberway.msf.commons.auth.service.ApiAuthenticationService;
import com.cyberway.msf.commons.auth.support.CommonsAuthConstants;
import com.cyberway.msf.commons.auth.support.CommonsAuthProperties;
import com.cyberway.msf.commons.auth.util.AuthUtils;
import com.cyberway.msf.commons.auth.util.JwtUtils;
import com.cyberway.msf.commons.cache.RedisUtils;
import com.cyberway.msf.commons.core.exception.BaseException;
import com.cyberway.msf.commons.model.util.LongUtils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.stereotype.Service;

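@Service
/* loaded from: input_file:com/cyberway/msf/commons/auth/service/impl/ApiAuthenticationServiceImpl.class */
/**
 * Default {@link ApiAuthenticationService}: issues and checks JWTs through {@link JwtUtils} and
 * computes/verifies request signatures (plain digests or HMACs) over API parameters.
 *
 * <p>Security notes for maintainers, all derived from the code in this class:
 * <ul>
 *   <li>The MD5/SHA1/SHA256 sign types are unkeyed digests: the secret argument is ignored for
 *       them, so the result can be recomputed from the signed fields alone. Only the
 *       {@code HMAC_*} types bind the signature to a secret.</li>
 *   <li>Nonces are required but never recorded, so a signed request verifies again for as long as
 *       its timestamp stays inside the configured window.</li>
 *   <li>Signature comparison uses {@link MessageDigest#isEqual(byte[], byte[])} so that the
 *       comparison time does not depend on how many leading characters match.</li>
 * </ul>
 */
public class ApiAuthenticationServiceImpl implements ApiAuthenticationService {

    @Autowired
    private JwtUtils jwtUtils;

    @Autowired
    private CommonsAuthProperties commonsAuthProperties;

    // Injected and used to look up per-app signing info; it is not used for nonce tracking.
    @Autowired
    private RedisUtils redisUtils;
    // Substring that marks a SignType name as an HMAC algorithm.
    private static final String HMAC = "Hmac";
    private static final Logger logger = LoggerFactory.getLogger(ApiAuthenticationServiceImpl.class);
    // Multiplier applied to the configured apiTime before comparing with millisecond timestamps.
    private static final Long SECOND = 1000L;

    /**
     * Issues a token for the given subject by delegating to {@link JwtUtils#getToken}.
     *
     * @param str value handed to the JWT helper
     * @return the token produced by the JWT helper
     */
    @Override
    public String generateToke(String str) {
        return this.jwtUtils.getToken(str);
    }

    /**
     * Issues a token for the given subject with an explicit numeric argument (presumably a
     * lifetime; confirm against {@code JwtUtils}).
     *
     * @param str value handed to the JWT helper
     * @param num numeric argument, unboxed before the call; must not be {@code null}
     * @return the token produced by the JWT helper
     */
    @Override
    public String generateToke(String str, Integer num) {
        return this.jwtUtils.getToken(str, num.intValue());
    }

    /**
     * Validates a token and returns the detailed result from {@link JwtUtils#checkToken}.
     *
     * @param str the token to check
     * @return the check result reported by the JWT helper
     */
    @Override
    public JwtUtils.JwtResult authenticateTokenResult(String str) {
        return this.jwtUtils.checkToken(str);
    }

    /**
     * Validates a token and reduces the result to a boolean.
     *
     * @param str the token to check
     * @return {@code false} for a blank token or a failed check, {@code true} otherwise
     */
    @Override
    public Boolean authenticateToken(String str) {
        return Boolean.valueOf(!StringUtils.isBlank(str) && authenticateTokenResult(str).isSuccess());
    }

    /**
     * Signs the given fields with the default sign type, {@link SignType#MD5}.
     *
     * <p>MD5 here is an unkeyed digest of the fields; it detects accidental corruption but does
     * not authenticate the sender. Callers that need authentication should use
     * {@link #signatureWithHmac} with an {@code HMAC_*} type.
     *
     * @param str  apiKey
     * @param str2 nonceStr
     * @param l    timestamp
     * @param str3 data
     * @return upper-case hex signature
     */
    @Override
    public String signature(String str, String str2, Long l, String str3) {
        return signature(str, str2, l, str3, SignType.MD5);
    }

    /**
     * Signs the given fields with the requested sign type and no secret key.
     *
     * @param str      apiKey
     * @param str2     nonceStr
     * @param l        timestamp
     * @param str3     data
     * @param signType algorithm to use; an {@code HMAC_*} type fails because no key is supplied
     * @return upper-case hex signature
     * @throws BaseException if {@code signType} is an HMAC type
     */
    @Override
    public String signature(String str, String str2, Long l, String str3, SignType signType) {
        return signatureWithHmac(str, str2, l, str3, (String) null, signType);
    }

    /**
     * Signs {@code apiKey=..&nonceStr=..&timestamp=..&data=..} with the requested algorithm.
     *
     * @param str      apiKey
     * @param str2     nonceStr
     * @param l        timestamp
     * @param str3     data
     * @param str4     secret key; required (non-empty) when the sign type name contains "Hmac",
     *                 ignored otherwise
     * @param signType algorithm to use; must not be {@code null}
     * @return upper-case hex signature
     * @throws BaseException if an HMAC type is requested without a secret key
     */
    @Override
    public String signatureWithHmac(String str, String str2, Long l, String str3, String str4, SignType signType) {
        boolean hmacRequested = StringUtils.contains(signType.getName(), HMAC);
        if (hmacRequested && StringUtils.isEmpty(str4)) {
            logger.error("SignType {} requires secretKey.", signType.getName());
            throw new BaseException(String.format("SignType %s requires secretKey.", signType.getName()));
        }
        return sign(getSignatureContent(str, str2, l, str3), signType, str4);
    }

    /**
     * Dispatches to the digest or HMAC implementation for the given sign type.
     *
     * @param str      content to sign
     * @param signType algorithm selector; any type without an explicit case falls back to MD5
     * @param str2     secret key, used only by the {@code HMAC_*} cases
     * @return upper-case hex signature
     */
    private String sign(String str, SignType signType, String str2) {
        switch (signType) {
            case SHA1:
                return sign(str, SignType.SHA1.getName());
            case SHA256:
                return sign(str, SignType.SHA256.getName());
            case HMAC_MD5:
                return hmacSign(str, str2, SignType.HMAC_MD5.getName());
            case HMAC_SHA1:
                return hmacSign(str, str2, SignType.HMAC_SHA1.getName());
            case HMAC_SHA256:
                return hmacSign(str, str2, SignType.HMAC_SHA256.getName());
            default:
                // NOTE(review): unknown types silently degrade to an unkeyed MD5 digest.
                return sign(str, SignType.MD5.getName());
        }
    }

    /**
     * Verifies the signature carried in a parameter map.
     *
     * <p>Reads {@code timestamp}, {@code sign}, {@code apiKey}, {@code nonceStr}, {@code data},
     * {@code apiSecret} and {@code signType} from the map.
     *
     * <p>NOTE(review): the secret and the algorithm are taken from the same map as the signature
     * being verified. If the map is built from caller-supplied content (as
     * {@link #signatureCheck(String)} does), this check only proves the fields are self-consistent;
     * the secret and permitted algorithm should come from server-side configuration instead.
     *
     * @param map parameters to verify
     * @return {@code true} if the recomputed signature equals the supplied one
     * @throws BaseException            if the timestamp is outside the allowed window, or an HMAC
     *                                  type is named without a secret
     * @throws NumberFormatException    if {@code timestamp} is missing or not a long
     * @throws IllegalArgumentException if {@code signType} is not a {@link SignType} constant
     */
    @Override
    public Boolean signatureCheck(Map<String, Object> map) {
        long timestamp = Long.parseLong(String.valueOf(map.get("timestamp")));
        // Reject stale AND future-dated timestamps; a one-sided check would let a timestamp far
        // in the future stay valid indefinitely.
        if (!isWithinApiTimeWindow(System.currentTimeMillis(), timestamp)) {
            throw new BaseException("Sign is expired.");
        }
        // String.valueOf(null) yields the literal "null", which would pass the "secret required"
        // guard and key the HMAC with a guessable constant. Keep an absent secret as null.
        Object rawSecret = map.get("apiSecret");
        String apiSecret = rawSecret == null ? null : String.valueOf(rawSecret);
        String expected = signatureWithHmac(
                String.valueOf(map.get("apiKey")),
                String.valueOf(map.get("nonceStr")),
                Long.valueOf(timestamp),
                String.valueOf(map.get("data")),
                apiSecret,
                SignType.valueOf(String.valueOf(map.get("signType"))));
        return Boolean.valueOf(constantTimeEquals(expected, String.valueOf(map.get("sign"))));
    }

    /**
     * Loads the signing info for the app named in the request's app-key header.
     *
     * @param httpRequest incoming request
     * @return the stored signing info for that app key
     * @throws BaseException (permission denied) if the header is missing/blank or the key is unknown
     */
    @Override
    public AppSignInfo loadAppSignInfo(HttpRequest httpRequest) {
        List<String> appKeys = httpRequest.getHeaders().get(CommonsAuthConstants.HEADER_API_AUTH_APP_KEY);
        if (appKeys == null || appKeys.isEmpty() || StringUtils.isBlank(appKeys.get(0))) {
            // Message: "missing auth-app-key request header"
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "缺少auth-app-key请求头");
        }
        return loadAppSignInfo(appKeys.get(0));
    }

    /**
     * Loads the signing info stored in the Redis hash {@code APP_AUTH_INFO_KEY} under the app key.
     *
     * @param str the app key
     * @return the deserialized signing info
     * @throws BaseException (permission denied) if no usable entry exists for the key
     */
    @Override
    public AppSignInfo loadAppSignInfo(String str) {
        String json = (String) this.redisUtils.getHashOrigin(CommonsAuthConstants.APP_AUTH_INFO_KEY, str);
        if (StringUtils.isBlank(json)) {
            // Message: "invalid auth-app-key"
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "无效的auth-app-key");
        }
        // NOTE(review): parsed with fastjson into a fixed target class; confirm the fastjson
        // version in use and that autoType is not enabled for this store.
        AppSignInfo info = (AppSignInfo) JSON.parseObject(json, AppSignInfo.class);
        if (info == null) {
            // A stored JSON "null" must be treated as an unknown key, not returned to callers
            // that dereference the result.
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "无效的auth-app-key");
        }
        return info;
    }

    /**
     * Authenticates a request in "simple mode" from its headers: app key, timestamp, nonce and
     * signature.
     *
     * <p>Checks, in order: app key present and known; current time inside the app's validity
     * dates; request allowed by the app's API list; timestamp present, numeric and inside the
     * configured window; nonce present; signature present and equal to the recomputed value.
     *
     * <p>NOTE(review): the nonce is only required to be non-blank; it is not stored, so a
     * captured request re-verifies until its timestamp leaves the window. Recording
     * (appKey, nonce) with a TTL equal to the window would close that gap.
     *
     * @param httpRequest incoming request
     * @return the signing info of the authenticated app
     * @throws BaseException (permission denied) if any check fails
     */
    @Override
    public AppSignInfo checkApiRequestSimpleMode(HttpRequest httpRequest) {
        Date now = new Date();
        HttpHeaders headers = httpRequest.getHeaders();

        List<String> appKeys = headers.get(CommonsAuthConstants.HEADER_API_AUTH_APP_KEY);
        if (appKeys == null || appKeys.isEmpty() || StringUtils.isBlank(appKeys.get(0))) {
            // Message: "missing auth-app-key request header"
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "缺少auth-app-key请求头");
        }
        String appKey = appKeys.get(0);
        AppSignInfo appInfo = loadAppSignInfo(appKey);

        boolean notYetValid = appInfo.getExpirationStartDate() != null && appInfo.getExpirationStartDate().after(now);
        boolean alreadyExpired = appInfo.getExpirationEndDate() != null && appInfo.getExpirationEndDate().before(now);
        if (notYetValid || alreadyExpired) {
            // Message: "invalid auth-app-key"
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "无效的auth-app-key");
        }
        if (!AuthUtils.checkApiList(httpRequest, appInfo.getApiList())) {
            // Message: "not permitted to call this API"
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "无权请求该接口");
        }

        List<String> timestamps = headers.get(CommonsAuthConstants.HEADER_API_AUTH_TIMESTAMP);
        if (timestamps == null || timestamps.isEmpty()) {
            // Message: "missing auth-timestamp request header"
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "缺少auth-timestamp请求头");
        }
        Long timestamp = LongUtils.tryStringToLong(timestamps.get(0));
        if (timestamp == null) {
            // Message: "auth-timestamp request header has an invalid format"
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "无效格式的auth-timestamp请求头");
        }
        // Bounds comparison instead of Math.abs(now - ts): the subtraction can overflow for
        // extreme header values and Math.abs(Long.MIN_VALUE) is negative.
        if (!isWithinApiTimeWindow(now.getTime(), timestamp.longValue())) {
            // Message: "auth-timestamp request header is outside the valid time range"
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "超过有效时间范围的auth-timestamp请求头");
        }

        List<String> nonces = headers.get(CommonsAuthConstants.HEADER_API_AUTH_NONCE);
        if (nonces == null || nonces.isEmpty() || StringUtils.isBlank(nonces.get(0))) {
            // Message: "missing auth-nonce request header"
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "缺少auth-nonce请求头");
        }
        String nonce = nonces.get(0);

        List<String> signatures = headers.get(CommonsAuthConstants.HEADER_API_AUTH_SIGNATURE);
        if (signatures == null || signatures.isEmpty() || StringUtils.isBlank(signatures.get(0))) {
            // Message: "missing auth-signature request header"
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "缺少auth-signature请求头");
        }

        String expected = signApiRequestSimpleMode(
                httpRequest.getURI().getPath(),
                appKey,
                appInfo.getSignType(),
                appInfo.getAppSecret(),
                nonce,
                timestamp.longValue());
        if (!constantTimeEquals(expected, signatures.get(0))) {
            // Message: "invalid signature"
            throw new BaseException(ApiResultCode.PERMISSION_DENIED.getResultCode(), "签名无效");
        }
        return appInfo;
    }

    /**
     * Computes the simple-mode signature over
     * {@code <path>&appKey=<appKey>&nonce=<nonce>&timestamp=<timestamp>}.
     *
     * <p>NOTE(review): only the URI path, app key, nonce and timestamp are signed; the query
     * string, HTTP method and body are not covered. With a non-HMAC sign type the secret is not
     * part of the computation at all.
     *
     * @param str      request URI path
     * @param str2     app key
     * @param signType algorithm configured for the app
     * @param str3     app secret (used only by {@code HMAC_*} types)
     * @param str4     nonce
     * @param j        timestamp
     * @return upper-case hex signature
     */
    @Override
    public String signApiRequestSimpleMode(String str, String str2, SignType signType, String str3, String str4, long j) {
        String content = str + "&appKey=" + str2 + "&nonce=" + str4 + "&timestamp=" + LongUtils.longToString(Long.valueOf(j));
        return sign(content, signType, str3);
    }

    /**
     * Verifies both the signature and the token carried in a parameter map.
     *
     * <p>The {@code token} entry is removed from the supplied map as a side effect. The token is
     * only checked when the signature check succeeds.
     *
     * @param map parameters to verify, including {@code token}
     * @return {@code true} only if the signature and the token are both valid
     */
    @Override
    public Boolean signatureCheckWithToken(Map<String, Object> map) {
        String token = String.valueOf(map.get("token"));
        map.remove("token");
        return Boolean.valueOf(signatureCheck(map).booleanValue() && authenticateToken(token).booleanValue());
    }

    /**
     * Parses a {@code k=v&k=v} string and verifies its signature via {@link #signatureCheck(Map)}.
     *
     * @param str content string to parse and verify
     * @return {@code true} if the signature is valid
     */
    @Override
    public Boolean signatureCheck(String str) {
        return signatureCheck(getContentMap(str));
    }

    /**
     * Parses a {@code k=v&k=v} string and verifies signature and token via
     * {@link #signatureCheckWithToken(Map)}.
     *
     * @param str content string to parse and verify
     * @return {@code true} if both signature and token are valid
     */
    @Override
    public Boolean signatureCheckWithToken(String str) {
        return signatureCheckWithToken(getContentMap(str));
    }

    /**
     * Builds the canonical string that is signed: apiKey, nonceStr, timestamp and data joined as
     * {@code key=value} pairs with {@code &}. A {@code null} argument is rendered as "null".
     */
    private String getSignatureContent(String str, String str2, Long l, String str3) {
        return "apiKey=" + str + "&nonceStr=" + str2 + "&timestamp=" + l + "&data=" + str3;
    }

    /**
     * Splits a {@code k=v&k=v} string into a map. Pairs without a value are skipped.
     *
     * <p>Each pair is split on the first {@code =} only, so a value that itself contains
     * {@code =} (Base64 padding, a nested pair) is kept whole instead of being truncated, which
     * would otherwise make the verified value differ from the one the sender signed. Values are
     * not URL-decoded, and a value containing {@code &} is still split.
     *
     * @param str content string; {@code null} yields an empty map
     * @return mutable map of the parsed pairs
     */
    private Map<String, Object> getContentMap(String str) {
        Map<String, Object> parsed = new HashMap<>(16);
        String[] pairs = StringUtils.split(str, "&");
        if (pairs == null) {
            return parsed;
        }
        for (String pair : pairs) {
            String[] keyValue = StringUtils.split(pair, "=", 2);
            if (keyValue.length > 1) {
                parsed.put(keyValue[0], keyValue[1]);
            }
        }
        return parsed;
    }

    /**
     * Computes an unkeyed message digest of the UTF-8 bytes of the content.
     *
     * @param str  content to digest
     * @param str2 {@link MessageDigest} algorithm name
     * @return upper-case hex digest
     * @throws BaseException wrapping any failure (unknown algorithm, {@code null} content)
     */
    private String sign(String str, String str2) {
        try {
            return encodeBytes(MessageDigest.getInstance(str2).digest(str.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            logger.error("{} signature fail.", str2);
            throw new BaseException(String.format("%s signature fail.", str2), e);
        }
    }

    /**
     * Computes an HMAC of the UTF-8 bytes of the content, keyed with the UTF-8 bytes of the secret.
     *
     * @param str  content to authenticate
     * @param str2 secret key
     * @param str3 {@link Mac} algorithm name
     * @return upper-case hex MAC
     * @throws BaseException wrapping any failure (unknown algorithm, {@code null} or empty key)
     */
    private String hmacSign(String str, String str2, String str3) {
        try {
            Mac mac = Mac.getInstance(str3);
            mac.init(new SecretKeySpec(str2.getBytes(StandardCharsets.UTF_8), str3));
            return encodeBytes(mac.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            logger.error("{} signature fail.", str3);
            throw new BaseException(String.format("%s signature fail.", str3), e);
        }
    }

    /**
     * Hex-encodes bytes as two upper-case digits per byte.
     */
    private String encodeBytes(byte[] bArr) {
        final String digits = "0123456789ABCDEF";
        StringBuilder hex = new StringBuilder(bArr.length * 2);
        for (byte value : bArr) {
            int unsigned = value & 255;
            hex.append(digits.charAt(unsigned >>> 4)).append(digits.charAt(unsigned & 15));
        }
        return hex.toString();
    }

    /**
     * Tells whether a client timestamp lies strictly within the configured window around
     * {@code now}, in either direction. The window is {@code apiTime * SECOND} milliseconds.
     */
    private boolean isWithinApiTimeWindow(long now, long timestamp) {
        long window = this.commonsAuthProperties.getApiTime().longValue() * SECOND.longValue();
        return timestamp > now - window && timestamp < now + window;
    }

    /**
     * Compares two signature strings without an early exit on the first differing character.
     * A {@code null} on either side never matches.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }
}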
