package net.risesoft.filters;

import cn.hutool.core.date.DateUnit;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.io.IoUtil;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.DateTimeException;
import java.time.Instant;
import java.util.Date;
import java.util.Locale;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import net.risesoft.exception.GlobalErrorCodeEnum;
import net.risesoft.pojo.Y9Result;
import net.risesoft.util.ApiSignUtil;
import net.risesoft.y9.configuration.feature.apiacl.Y9ApiAccessControlProperties;
import net.risesoft.y9.exception.Y9BusinessException;
import net.risesoft.y9.exception.util.Y9ExceptionUtil;
import net.risesoft.y9.json.Y9JsonUtil;
import net.risesoft.y9public.service.Y9ApiAccessControlService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:net/risesoft/filters/ApiSignFilter.class */
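/**
 * Servlet filter that authenticates API calls with a per-application request signature.
 *
 * <p>Every request must carry the {@code x-app-id}, {@code x-timestamp} and {@code x-signature}
 * headers. The expected signature is recomputed with {@link ApiSignUtil#sign} from the app id, the
 * value stored for that app id, the request URI, the raw query string, the request body and the
 * timestamp. The timestamp must lie within the configured validity window. Any failure is answered
 * with HTTP 403 and a JSON {@link Y9Result} failure body; the chain is not invoked.
 *
 * <p>Review notes:
 * <ul>
 *   <li>No nonce or request-id tracking is visible in this class, so an intercepted request stays
 *       replayable until its timestamp leaves the validity window. Keep that window short and
 *       serve this endpoint over TLS only.</li>
 *   <li>The filter consumes the request reader to sign the body. Downstream handlers can only
 *       re-read the body if an earlier filter wrapped the request in a caching wrapper; that is
 *       not visible here, so confirm it against the filter chain configuration.</li>
 * </ul>
 */
public class ApiSignFilter implements Filter {
    private static final String APP_ID_HEADER = "x-app-id";
    private static final String TIMESTAMP_HEADER = "x-timestamp";
    private static final String SIGNATURE_HEADER = "x-signature";
    private final Y9ApiAccessControlService y9ApiAccessControlService;
    private final Y9ApiAccessControlProperties.SignProperties signProperties;

    /**
     * Verifies the signature headers and forwards the request only when they are valid.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain the remaining chain, invoked only after successful verification
     * @throws IOException if reading the body or writing the rejection response fails
     * @throws ServletException if a downstream filter or servlet fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            String appId = httpServletRequest.getHeader(APP_ID_HEADER);
            String timestamp = httpServletRequest.getHeader(TIMESTAMP_HEADER);
            String signature = httpServletRequest.getHeader(SIGNATURE_HEADER);
            if (StringUtils.isBlank(appId) || StringUtils.isBlank(timestamp) || StringUtils.isBlank(signature)) {
                throw Y9ExceptionUtil.businessException(GlobalErrorCodeEnum.API_SIGN_HEADERS_INCOMPLETE, new Object[0]);
            }

            String requestUri = httpServletRequest.getRequestURI();
            String queryString = httpServletRequest.getQueryString();
            String body = IoUtil.read(httpServletRequest.getReader());

            // An unknown app id (lookup yields null) or a record without a value is reported as an
            // ordinary signature mismatch: the caller gets a 403 instead of an unhandled
            // NullPointerException, and the response does not reveal which app ids exist.
            boolean signatureValid = Optional.ofNullable(this.y9ApiAccessControlService.getById(appId))
                .map(accessControl -> accessControl.getValue())
                .map(secret -> ApiSignUtil.sign(appId, secret, requestUri, queryString, body, timestamp))
                .map(expected -> signaturesMatch(signature, expected))
                .orElse(Boolean.FALSE);
            if (!signatureValid) {
                throw Y9ExceptionUtil.businessException(GlobalErrorCodeEnum.API_SIGN_INCORRECT, new Object[0]);
            }

            long ageInSeconds;
            try {
                // DateUtil.between returns the absolute difference, so the window applies to
                // timestamps in the past and in the future alike (clock skew tolerance).
                ageInSeconds = DateUtil.between(Date.from(Instant.ofEpochSecond(Long.parseLong(timestamp))), Date.from(Instant.now()), DateUnit.SECOND);
            } catch (IllegalArgumentException | DateTimeException malformedTimestamp) {
                // Non-numeric or out-of-range epoch seconds: reject as an invalid timestamp rather
                // than letting the parse failure escape as a server error.
                throw Y9ExceptionUtil.businessException(GlobalErrorCodeEnum.API_SIGN_TIMESTAMP_INVALID, new Object[0]);
            }
            if (ageInSeconds > this.signProperties.getValidTimeInSeconds().longValue()) {
                throw Y9ExceptionUtil.businessException(GlobalErrorCodeEnum.API_SIGN_TIMESTAMP_INVALID, new Object[0]);
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (Y9BusinessException e) {
            httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
            httpServletResponse.setContentType("application/json");
            httpServletResponse.getWriter().write(Y9JsonUtil.writeValueAsString(Y9Result.failure(e.getMessage())));
        }
    }

    /**
     * Compares the supplied signature with the expected one, ignoring case, in time that does not
     * depend on the position of the first differing character.
     *
     * <p>A plain string comparison returns at the first mismatch, which can leak how much of a
     * guessed signature was correct. Both values are lower-cased with {@link Locale#ROOT} before
     * comparison; for hex or Base16-style signatures this matches a case-insensitive equality
     * check.
     *
     * @param provided the signature taken from the request header
     * @param expected the signature recomputed on the server
     * @return {@code true} only when both values are non-null and equal ignoring case
     */
    private static boolean signaturesMatch(CharSequence provided, CharSequence expected) {
        if (provided == null || expected == null) {
            return false;
        }
        byte[] providedBytes = provided.toString().toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] expectedBytes = expected.toString().toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(providedBytes, expectedBytes);
    }

    /**
     * Creates the filter.
     *
     * @param y9ApiAccessControlService service used to look up the record stored for an app id
     * @param signProperties signature settings; supplies the timestamp validity window in seconds
     */
    @Generated
    public ApiSignFilter(Y9ApiAccessControlService y9ApiAccessControlService, Y9ApiAccessControlProperties.SignProperties signProperties) {
        this.y9ApiAccessControlService = y9ApiAccessControlService;
        this.signProperties = signProperties;
    }
}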
