package com.jzt.zhcai.auth.web.sign;

import cn.hutool.crypto.digest.MD5;
import com.jzt.wotu.Conv;
import com.jzt.wotu.StringUtils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:com/jzt/zhcai/auth/web/sign/HttpSign.class */
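/**
 * Base class for request-signature verification on {@link HttpServletRequest}s.
 *
 * <p>The expected signature is the MD5 hex digest of
 * {@code zhcaiToken header + getParam(request) + _t header}; the client sends it in the
 * {@code _s} header and the request timestamp in {@code _t}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #verify} is <b>fail-open</b>: a request for which {@link #support} returns
 *       {@code false} (no {@code _s} header, URL outside the configured lists, older client
 *       version, unsupported content type, body larger than {@code maxContentLength}) is
 *       accepted without any signature check. Endpoints that must always be signed need an
 *       additional, mandatory check outside this class.</li>
 *   <li>The digest is plain MD5 with no dedicated key; the only secret input is the token
 *       header. NOTE(review): moving to a keyed MAC (e.g. HMAC-SHA-256) requires a coordinated
 *       client change and is therefore not done here.</li>
 *   <li>There is no nonce: a captured request stays replayable for {@code requestTtl}
 *       milliseconds.</li>
 * </ul>
 */
public abstract class HttpSign implements Sign<HttpServletRequest> {
    private static final Logger log = LoggerFactory.getLogger(HttpSign.class);
    private static final String HEADER_TOKEN = "zhcaiToken";
    private static final String VERSION_CODE = "versionCode";
    private static final String HEADER_SIGN = "_s";
    private static final String HEADER_TIMESTAMP = "_t";
    // Maximum accepted |now - _t| in milliseconds (compared against System.currentTimeMillis()).
    protected int requestTtl;
    // Minimum client version (versionCode header) from which signing is enforced.
    protected int versionCode;
    // Request-URI prefixes for which signing is enforced (when non-empty).
    protected List<String> urlPrefixWhiteList;
    // Request-URI prefixes for which signing is skipped; takes precedence over the white list.
    protected List<String> urlPrefixBlackList;
    // Requests whose declared Content-Length exceeds this value are not signature-checked.
    protected int maxContentLength;
    protected final String JSON_A = "{";
    protected final String JSON_B = "}";
    protected final String JSON_C = "[";
    protected final String JSON_D = "]";
    protected final String JSON_COMMA = ",";
    protected final String JSON_QUATE = "\"";
    protected final String JSON_COLON = ":";
    protected final String EMPTY_STR = "";
    protected final String LOG_TAG = "[AUTH请求验签]";

    /**
     * Decides whether this request is subject to signature verification.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} only if the header, URL, version, content-type and content-length
     *     checks all pass; the checks short-circuit in that order
     */
    @Override // com.jzt.zhcai.auth.web.sign.Sign
    public boolean support(HttpServletRequest httpServletRequest) {
        return headerSupport(httpServletRequest)
                && urlSupport(httpServletRequest)
                && versionCodeSupport(httpServletRequest)
                && contentTypeSupport(httpServletRequest)
                && contentLengthSupport(httpServletRequest);
    }

    /**
     * Checks that the declared body length does not exceed {@code maxContentLength}.
     *
     * <p>The value comes from {@code getContentLength()}, i.e. it is what the client declared.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if the declared length is within the limit
     */
    public boolean contentLengthSupport(HttpServletRequest httpServletRequest) {
        int declaredLength = httpServletRequest.getContentLength();
        boolean withinLimit = declaredLength <= this.maxContentLength;
        String message = "请求内容长度校验:内容长度:" + declaredLength
                + ",长度限制:" + this.maxContentLength
                + ",支持验签:" + withinLimit;
        standardLogResult(message, httpServletRequest, withinLimit);
        return withinLimit;
    }

    /**
     * Checks whether the request carries a non-empty {@code _s} signature header.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if a signature header is present
     */
    protected boolean headerSupport(HttpServletRequest httpServletRequest) {
        boolean hasSignature = !StringUtils.isNullOrEmpty(getHeader(httpServletRequest, HEADER_SIGN));
        standardLogResult("请求头校验:校验是否有签名头,支持验签:" + hasSignature, httpServletRequest, hasSignature);
        return hasSignature;
    }

    /**
     * Applies the URL prefix black/white lists to the request URI.
     *
     * <p>Rules: a black-list match always yields {@code false}; otherwise, if a white list is
     * configured the URI must match it; with neither list configured every URI is supported.
     *
     * <p>NOTE(review): {@code getRequestURI()} is the raw, undecoded path. If the framework
     * routes on a decoded or normalised path, the prefix decision made here may not describe the
     * handler that actually runs; confirm both layers see the same path form.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if the URI is subject to signature verification
     */
    protected boolean urlSupport(HttpServletRequest httpServletRequest) {
        String requestUri = httpServletRequest.getRequestURI();
        boolean supported;
        if (isUrlInPrefixList(requestUri, this.urlPrefixBlackList)) {
            supported = false;
        } else if (!CollectionUtils.isEmpty(this.urlPrefixWhiteList)) {
            supported = isUrlInPrefixList(requestUri, this.urlPrefixWhiteList);
        } else {
            supported = true;
        }
        standardLogResult("url黑白名单校验,支持验签:" + supported, httpServletRequest, supported);
        return supported;
    }

    /**
     * Returns whether {@code str} starts with any prefix in {@code list}.
     *
     * @param str the URI to test
     * @param list the prefixes; {@code null} or empty yields {@code false}
     */
    private boolean isUrlInPrefixList(String str, List<String> list) {
        if (CollectionUtils.isEmpty(list)) {
            return false;
        }
        for (String prefix : list) {
            if (str.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks the client version from the {@code versionCode} header against the configured
     * minimum.
     *
     * <p>A header that does not parse (the {@code -1} default passed to {@code Conv.NI}) is
     * treated as supported.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if the version is unknown or at least {@code this.versionCode}
     */
    protected final boolean versionCodeSupport(HttpServletRequest httpServletRequest) {
        int clientVersion = Conv.NI(getHeader(httpServletRequest, VERSION_CODE), -1);
        boolean supported = clientVersion == -1 || clientVersion >= this.versionCode;
        String message = "url版本校验结果:前端版本:" + clientVersion
                + ",后端版本:" + this.versionCode
                + ",支持验签:" + supported;
        standardLogResult(message, httpServletRequest, supported);
        return supported;
    }

    /** Decides whether the request's content type can be signature-checked. */
    protected abstract boolean contentTypeSupport(HttpServletRequest httpServletRequest);

    /**
     * Validates the {@code _t} timestamp header against the server clock.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if the timestamp is positive and within {@code requestTtl}
     *     milliseconds of {@code System.currentTimeMillis()} in either direction
     */
    protected final boolean isRequestValid(HttpServletRequest httpServletRequest) {
        String rawTimestamp = httpServletRequest.getHeader(HEADER_TIMESTAMP);
        long requestTime = Conv.NL(rawTimestamp);
        if (requestTime <= 0) {
            // The raw header is client-controlled: strip line breaks before it reaches the log.
            String message = "请求时间校验不通过:请求时间非法:" + safeForLog(rawTimestamp) + ",验签被拦截:true";
            standardLogResult(message, httpServletRequest, false);
            return false;
        }
        long now = System.currentTimeMillis();
        long drift = Math.abs(now - requestTime);
        boolean fresh = drift <= ((long) this.requestTtl);
        String message = "请求时间校验-请求时间:" + requestTime
                + ",当前时间:" + now
                + ",验签被拦截:" + !fresh;
        standardLogResult(message, httpServletRequest, fresh);
        return fresh;
    }

    /**
     * Recomputes the signature and compares it with the {@code _s} header.
     *
     * <p>Changes relative to the previous implementation:
     * <ul>
     *   <li>The signed plaintext (which contains the token) and the server-computed signature
     *       are no longer written to the log; on a mismatch the old WARN line disclosed both the
     *       credential and the value that would have been accepted.</li>
     *   <li>The comparison uses {@link MessageDigest#isEqual} instead of {@code String.equals}
     *       so the time taken does not depend on how many leading characters match.</li>
     *   <li>A fresh {@link MD5} is created per call instead of sharing one instance across
     *       request threads; the digester is stateful.</li>
     * </ul>
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if the supplied signature equals the recomputed one
     */
    @Override // com.jzt.zhcai.auth.web.sign.Sign
    public final boolean checkSign(HttpServletRequest httpServletRequest) {
        String plaintext = getTokenHeader(httpServletRequest)
                + getParam(httpServletRequest)
                + getTimestampHeader(httpServletRequest);
        try {
            String expected = new MD5().digestHex(plaintext);
            String supplied = getSignHeader(httpServletRequest);
            boolean matches = MessageDigest.isEqual(
                    supplied.getBytes(StandardCharsets.UTF_8),
                    expected.getBytes(StandardCharsets.UTF_8));
            standardLogResult("请求验签,验签被拦截:" + !matches, httpServletRequest, matches);
            return matches;
        } catch (Exception e) {
            // Deliberately omit the plaintext: it embeds the caller's token.
            log.warn("{}生成摘要异常", this.LOG_TAG, e);
            throw e;
        }
    }

    /**
     * Entry point: verifies timestamp freshness and signature for supported requests.
     *
     * <p>Requests for which {@link #support} is {@code false} are accepted unchecked
     * (fail-open); see the class documentation.
     *
     * @param httpServletRequest the incoming request
     * @return {@code false} only when the request is supported and fails the timestamp or
     *     signature check
     */
    public final boolean verify(HttpServletRequest httpServletRequest) {
        if (!support(httpServletRequest)) {
            return true;
        }
        return isRequestValid(httpServletRequest) && checkSign(httpServletRequest);
    }

    /** Returns the request-parameter part of the signed plaintext. */
    public abstract String getParam(HttpServletRequest httpServletRequest);

    /** Returns the {@code zhcaiToken} header, or {@code ""} if absent. */
    public final String getTokenHeader(HttpServletRequest httpServletRequest) {
        return getHeader(httpServletRequest, HEADER_TOKEN);
    }

    /** Returns the {@code _t} header, or {@code ""} if absent. */
    public final String getTimestampHeader(HttpServletRequest httpServletRequest) {
        return getHeader(httpServletRequest, HEADER_TIMESTAMP);
    }

    /** Returns the {@code _s} header, or {@code ""} if absent. */
    public final String getSignHeader(HttpServletRequest httpServletRequest) {
        return getHeader(httpServletRequest, HEADER_SIGN);
    }

    /**
     * Reads a header, mapping an absent header to the empty string.
     *
     * @throws IllegalArgumentException if the request is {@code null} or the name is empty
     */
    private String getHeader(HttpServletRequest httpServletRequest, String str) {
        paramValidate(httpServletRequest == null);
        paramValidate(StringUtils.isNullOrEmpty(str));
        String value = httpServletRequest.getHeader(str);
        return value == null ? "" : value;
    }

    /**
     * Returns the client version from the {@code versionCode} header, or {@code -1} if it does
     * not parse.
     *
     * <p>Previously this read the token header, so it did not return the version; it now reads
     * the same header as {@link #versionCodeSupport}.
     */
    protected int getVersionCode(HttpServletRequest httpServletRequest) {
        return Conv.NI(getHeader(httpServletRequest, VERSION_CODE), -1);
    }

    /**
     * Returns the raw query string, or {@code ""} if there is none.
     *
     * @throws IllegalArgumentException if the request is {@code null}
     */
    public final String getPathParam(HttpServletRequest httpServletRequest) {
        paramValidate(httpServletRequest == null);
        String query = httpServletRequest.getQueryString();
        return query == null ? "" : query;
    }

    /**
     * Throws if the given condition holds.
     *
     * @param z {@code true} when the argument under test is invalid
     * @throws IllegalArgumentException if {@code z} is {@code true}
     */
    public void paramValidate(boolean z) {
        if (z) {
            throw new IllegalArgumentException();
        }
    }

    /**
     * Logs a check result: DEBUG when it passed, WARN (via {@link #standardLogFailResult})
     * otherwise.
     *
     * <p>Callers must not pass tokens, signatures or signed plaintext in {@code str}.
     */
    public void standardLogResult(String str, HttpServletRequest httpServletRequest, boolean z) {
        if (!z) {
            standardLogFailResult(str, httpServletRequest);
            return;
        }
        log.debug("{}请求地址{} {}", this.LOG_TAG, httpServletRequest.getRequestURL(), str);
    }

    /** Logs a failed check at WARN together with the request URL. */
    public void standardLogFailResult(String str, HttpServletRequest httpServletRequest) {
        log.warn("{}请求地址{} {}", this.LOG_TAG, httpServletRequest.getRequestURL(), str);
    }

    /** Replaces CR, LF and TAB in a client-supplied value so it cannot forge log lines. */
    private static String safeForLog(String value) {
        return value == null ? null : value.replaceAll("[\\r\\n\\t]", "_");
    }
}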
