package com.dtyunxi.tcbj.app.open.biz.auth.interceptor;

import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.parser.Feature;
import com.dtyunxi.tcbj.app.open.biz.auth.config.ContentRepeatableHttpServletRequestWrapper;
import com.dtyunxi.tcbj.app.open.biz.auth.config.ModeTypeEnum;
import com.dtyunxi.tcbj.app.open.biz.auth.config.ThirdAuthProperties;
import com.dtyunxi.tcbj.app.open.biz.auth.sign.SignHelper;
import com.dtyunxi.tcbj.app.open.biz.auth.sign.dto.BasicSignDto;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:com/dtyunxi/tcbj/app/open/biz/auth/interceptor/ThirdAuthInterceptor.class */
public class ThirdAuthInterceptor implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(ThirdAuthInterceptor.class);
    private static final String MSG_API_NOT_SIGN = "{\"resultCode\":401,\"resultMsg\":\"not sign ,%s\"}";
    private final ThirdAuthProperties properties;
    private List<Pattern> wildcards;
    private final SignHelper signHelper;
    private final Map<String, String> instanceSecretMap = new ConcurrentHashMap();
    private final Map<String, Boolean> precisionMap = new HashMap(10);
    private final ThreadLocal<String> local = ThreadLocal.withInitial(() -> {
        return "";
    });

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.dtyunxi.tcbj.app.open.biz.auth.interceptor.ThirdAuthInterceptor$1, reason: invalid class name */
    /* loaded from: input_file:com/dtyunxi/tcbj/app/open/biz/auth/interceptor/ThirdAuthInterceptor$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$springframework$http$HttpMethod = new int[HttpMethod.values().length];

        static {
            try {
                $SwitchMap$org$springframework$http$HttpMethod[HttpMethod.POST.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$springframework$http$HttpMethod[HttpMethod.PUT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$springframework$http$HttpMethod[HttpMethod.GET.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$springframework$http$HttpMethod[HttpMethod.DELETE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public ThirdAuthInterceptor(SignHelper signHelper, ThirdAuthProperties thirdAuthProperties) {
        this.signHelper = signHelper;
        this.properties = thirdAuthProperties;
    }

    @PostConstruct
    public void init() {
        List<String> targetList = this.properties.getTargetList();
        this.wildcards = new ArrayList(targetList.size());
        String str = "((/[a-zA-Z0-9-|_]+)|(/\\{[a-zA-Z0-9-|_]+\\}))";
        String str2 = "(((/[a-zA-Z0-9-|_]+)|(/\\{[a-zA-Z0-9-|_]+\\})))+";
        String str3 = "/**";
        String str4 = "/*";
        targetList.forEach(str5 -> {
            if (str5.contains(str3)) {
                this.wildcards.add(Pattern.compile(str5.replace(str3, str2).replace(str4, str)));
            } else if (!str5.contains(str4)) {
                this.precisionMap.put(str5, true);
            } else {
                this.wildcards.add(Pattern.compile(str5.replace("r2", str)));
            }
        });
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) {
        String replace = httpServletRequest.getRequestURI().replace(httpServletRequest.getContextPath(), "");
        return ((Boolean) Optional.ofNullable(this.properties.getTargetList()).filter(list -> {
            return list.size() != 0;
        }).map(list2 -> {
            PrintWriter writer;
            Throwable th;
            if (!match(replace) || ((Boolean) Optional.ofNullable(httpServletRequest.getHeader("X-Yx-Signature")).map(str -> {
                return isValid(httpServletRequest, str);
            }).orElse(false)).booleanValue()) {
                return true;
            }
            try {
                writer = httpServletResponse.getWriter();
                th = null;
            } catch (IOException e) {
                e.printStackTrace();
            }
            try {
                try {
                    writer.write(String.format(MSG_API_NOT_SIGN, this.local.get()));
                    if (writer != null) {
                        if (0 != 0) {
                            try {
                                writer.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            writer.close();
                        }
                    }
                    return false;
                } finally {
                }
            } finally {
            }
        }).orElse(true)).booleanValue();
    }

    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
        this.local.remove();
    }

    private Boolean isValid(HttpServletRequest httpServletRequest, String str) {
        String header = httpServletRequest.getHeader("Application-Key");
        return (Boolean) Optional.ofNullable(getAppSecret(header)).filter(StringUtils::isNotBlank).map(str2 -> {
            BasicSignDto basicSignDto = new BasicSignDto();
            basicSignDto.setNonce(httpServletRequest.getHeader("X-Yx-Nonce"));
            basicSignDto.setTimestamp(httpServletRequest.getHeader("X-Yx-Timestamp"));
            basicSignDto.setAppSecret(str2);
            basicSignDto.setAppKey(header);
            basicSignDto.setReqParam(extractReqParam(httpServletRequest));
            String sign = this.signHelper.sign(basicSignDto);
            String str2 = JSONObject.toJSONString(basicSignDto) + "," + sign;
            this.local.set(str2);
            log.info("签名调试日志:{}", str2);
            return Boolean.valueOf(sign.equals(str));
        }).orElse(false);
    }

    private JSONObject extractReqParam(HttpServletRequest httpServletRequest) {
        if (ModeTypeEnum.ZERO.equals(ModeTypeEnum.resolve(this.properties.getModel()))) {
            return new JSONObject();
        }
        try {
            return doExtractReqParam(httpServletRequest);
        } catch (Exception e) {
            e.printStackTrace();
            return new JSONObject();
        }
    }

    private JSONObject doExtractReqParam(HttpServletRequest httpServletRequest) throws IOException {
        switch (AnonymousClass1.$SwitchMap$org$springframework$http$HttpMethod[((HttpMethod) Objects.requireNonNull(HttpMethod.resolve(httpServletRequest.getMethod()))).ordinal()]) {
            case 1:
            case 2:
                return JSONObject.parseObject(((ContentRepeatableHttpServletRequestWrapper) httpServletRequest).getBody(), new Feature[]{Feature.OrderedField});
            case 3:
            case 4:
                return (JSONObject) Optional.ofNullable(URLEncoder.encode(httpServletRequest.getQueryString(), "utf-8")).map(this::parseUrlData).orElse(new JSONObject());
            default:
                return new JSONObject();
        }
    }

    private JSONObject parseUrlData(String str) {
        String[] split = str.split("&");
        JSONObject jSONObject = new JSONObject(split.length, true);
        Stream.of((Object[]) split).forEach(str2 -> {
            String[] split2 = str2.split("=");
            jSONObject.put(split2[0], split2[1]);
        });
        return jSONObject;
    }

    private String getAppSecret(String str) {
        this.instanceSecretMap.putIfAbsent(str, loadAppSecret(str));
        return this.instanceSecretMap.get(str);
    }

    private String loadAppSecret(String str) {
        return this.properties.getAppKeyMap().getOrDefault(str, "");
    }

    private boolean match(String str) {
        return this.precisionMap.containsKey(str) || this.wildcards.stream().anyMatch(pattern -> {
            return pattern.matcher(str).matches();
        });
    }
}
