package com.lenovo.cloud.framework.signature.core.aop;

import cn.hutool.core.lang.Assert;
import cn.hutool.core.map.MapUtil;
import cn.hutool.core.util.ObjUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.digest.DigestUtil;
import com.lenovo.cloud.framework.common.exception.ServiceException;
import com.lenovo.cloud.framework.common.exception.enums.GlobalErrorCodeConstants;
import com.lenovo.cloud.framework.common.util.servlet.ServletUtils;
import com.lenovo.cloud.framework.signature.core.annotation.ApiSignature;
import com.lenovo.cloud.framework.signature.core.redis.ApiSignatureRedisDAO;
import jakarta.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Objects;
import java.util.SortedMap;
import java.util.TreeMap;
import lombok.Generated;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

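/**
 * Aspect that authenticates requests to handler methods annotated with {@link ApiSignature}.
 *
 * <p>A request is accepted when all of the following hold:
 * <ul>
 *   <li>the appId, timestamp, nonce and sign headers (header names come from the annotation)
 *       are present, and the nonce is at least 10 characters long;</li>
 *   <li>the timestamp is within {@code timeout} of the server clock;</li>
 *   <li>the (appId, nonce) pair has not been recorded by {@link ApiSignatureRedisDAO};</li>
 *   <li>the sign header equals the lowercase hex SHA-256 of
 *       {@code sortedParams + body + sortedHeaders + appSecret}.</li>
 * </ul>
 *
 * <p>NOTE(review): the digest is a plain SHA-256 with the secret appended, not an HMAC, and the
 * four sections are concatenated without a separator between them, so the canonical string is
 * not unambiguous. Moving to HMAC-SHA-256 with explicit delimiters would be the stronger design,
 * but it changes the wire contract and has to be coordinated with every signing client.
 */
@Aspect
/* loaded from: input_file:com/lenovo/cloud/framework/signature/core/aop/ApiSignatureAspect.class */
public class ApiSignatureAspect {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(ApiSignatureAspect.class);
    private final ApiSignatureRedisDAO signatureRedisDAO;

    /**
     * Rejects the call before the annotated method runs unless the request signature verifies.
     *
     * <p>The pointcut expression binds the annotation by name, so the second parameter has to be
     * called {@code signature}; with any other name the advice cannot be bound.
     *
     * @param joinPoint the intercepted invocation, used only for the failure log line
     * @param signature the {@link ApiSignature} annotation found on the intercepted method
     * @throws ServiceException with the BAD_REQUEST code when verification fails
     * @throws NullPointerException if no current servlet request is available
     */
    @Before("@annotation(signature)")
    public void beforePointCut(JoinPoint joinPoint, ApiSignature signature) {
        HttpServletRequest request = (HttpServletRequest) Objects.requireNonNull(ServletUtils.getRequest());
        if (verifySignature(signature, request)) {
            return;
        }
        // NOTE(review): this logs the arguments of a request that failed authentication, at ERROR
        // level. They are caller-controlled and may hold sensitive payloads; consider logging only
        // the method signature and the appId, and rate-limiting or lowering the level.
        log.error("[beforePointCut][方法{} 参数({}) 签名失败]", joinPoint.getSignature().toString(), joinPoint.getArgs());
        throw new ServiceException(GlobalErrorCodeConstants.BAD_REQUEST.getCode(), StrUtil.blankToDefault(signature.message(), GlobalErrorCodeConstants.BAD_REQUEST.getMsg()));
    }

    /**
     * Verifies the signature headers of a request and, on success, records its nonce.
     *
     * @param apiSignature the annotation supplying header names, timeout and time unit
     * @param httpServletRequest the request to authenticate
     * @return {@code true} if the headers are well-formed, fresh, unused and the digest matches
     * @throws IllegalArgumentException if no appSecret is registered for the presented appId
     */
    public boolean verifySignature(ApiSignature apiSignature, HttpServletRequest httpServletRequest) {
        if (!verifyHeaders(apiSignature, httpServletRequest)) {
            return false;
        }
        String appId = httpServletRequest.getHeader(apiSignature.appId());
        String appSecret = this.signatureRedisDAO.getAppSecret(appId);
        // NOTE(review): an unknown appId raises IllegalArgumentException instead of returning false,
        // so depending on the global exception mapping a caller may be able to tell "unknown appId"
        // apart from "bad signature". Confirm both surface as the same response.
        Assert.notNull(appSecret, "[appId({})] 找不到对应的 appSecret", appId);

        String expectedSign = DigestUtil.sha256Hex(buildSignatureString(apiSignature, httpServletRequest, appSecret));
        String presentedSign = httpServletRequest.getHeader(apiSignature.sign());
        // Constant-time comparison: equals() returns at the first differing character, which leaks
        // how much of the presented value matched the expected digest.
        if (presentedSign == null
                || !MessageDigest.isEqual(
                        presentedSign.getBytes(StandardCharsets.UTF_8),
                        expectedSign.getBytes(StandardCharsets.UTF_8))) {
            return false;
        }
        // The nonce is kept for twice the timeout so it outlives the whole +/- timeout window in
        // which the same timestamp would still be accepted.
        // NOTE(review): the "nonce unused" check in verifyHeaders and this write are two separate
        // calls, so two concurrent copies of one request can both pass. An atomic set-if-absent in
        // the DAO would close that window.
        this.signatureRedisDAO.setNonce(appId, httpServletRequest.getHeader(apiSignature.nonce()), apiSignature.timeout() * 2, apiSignature.timeUnit());
        return true;
    }

    /**
     * Checks presence and shape of the signature headers, timestamp freshness and nonce reuse.
     *
     * @return {@code false} if any header is missing or malformed, the timestamp is outside the
     *     allowed window, or the nonce was already recorded for this appId
     */
    private boolean verifyHeaders(ApiSignature signature, HttpServletRequest request) {
        String appId = request.getHeader(signature.appId());
        if (StrUtil.isBlank(appId)) {
            return false;
        }
        String timestamp = request.getHeader(signature.timestamp());
        if (StrUtil.isBlank(timestamp)) {
            return false;
        }
        String nonce = request.getHeader(signature.nonce());
        if (StrUtil.length(nonce) < 10 || StrUtil.isBlank(request.getHeader(signature.sign()))) {
            return false;
        }
        if (!isTimestampFresh(signature, timestamp)) {
            return false;
        }
        return this.signatureRedisDAO.getNonce(appId, nonce) == null;
    }

    /**
     * Tells whether the timestamp header is a number within {@code timeout} of the server clock.
     *
     * <p>The header is untrusted: a non-numeric value or one that overflows the subtraction is
     * treated as a failed check rather than allowed to escape as an unchecked exception.
     */
    private static boolean isTimestampFresh(ApiSignature signature, String timestamp) {
        long allowedDriftMillis = signature.timeUnit().toMillis((long) signature.timeout());
        try {
            // subtractExact: a wrapped difference could make Math.abs return a negative number,
            // which would compare as "within the window".
            long drift = Math.subtractExact(System.currentTimeMillis(), Long.parseLong(timestamp));
            return Math.abs(drift) <= allowedDriftMillis;
        } catch (NumberFormatException | ArithmeticException ignored) {
            // Malformed or out-of-range timestamp: reject as an invalid signature.
            return false;
        }
    }

    /**
     * Builds the string that is hashed: sorted request parameters joined as {@code k=v&k=v},
     * then the raw body (empty string if none), then the sorted signature headers joined the
     * same way, then the app secret.
     */
    private String buildSignatureString(ApiSignature signature, HttpServletRequest request, String appSecret) {
        SortedMap<String, String> parameters = getRequestParameterMap(request);
        SortedMap<String, String> headers = getRequestHeaderMap(signature, request);
        String body = StrUtil.nullToDefault(ServletUtils.getBody(request), "");
        return MapUtil.join(parameters, "&", "=") + body + MapUtil.join(headers, "&", "=") + appSecret;
    }

    /** Collects the appId, timestamp and nonce headers, keyed and sorted by header name. */
    private static SortedMap<String, String> getRequestHeaderMap(ApiSignature signature, HttpServletRequest request) {
        SortedMap<String, String> headers = new TreeMap<>();
        headers.put(signature.appId(), request.getHeader(signature.appId()));
        headers.put(signature.timestamp(), request.getHeader(signature.timestamp()));
        headers.put(signature.nonce(), request.getHeader(signature.nonce()));
        return headers;
    }

    /**
     * Collects the request parameters sorted by name, keeping the first value of each.
     *
     * <p>NOTE(review): only the first value of a multi-valued parameter is covered by the
     * signature; further values of the same name are not authenticated. Handlers behind this
     * aspect should not read repeated parameters, or the canonical form should include them.
     */
    private static SortedMap<String, String> getRequestParameterMap(HttpServletRequest request) {
        SortedMap<String, String> parameters = new TreeMap<>();
        for (Map.Entry<String, String[]> entry : request.getParameterMap().entrySet()) {
            parameters.put(entry.getKey(), entry.getValue()[0]);
        }
        return parameters;
    }

    /**
     * @param apiSignatureRedisDAO store used to look up app secrets and to read and record nonces
     */
    @Generated
    public ApiSignatureAspect(ApiSignatureRedisDAO apiSignatureRedisDAO) {
        this.signatureRedisDAO = apiSignatureRedisDAO;
    }
}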
