package com.nbf.component.aliyun.sdk.sign;

import com.nbf.component.aliyun.sdk.sign.constants.SignHttpHeaderConstants;
import com.nbf.component.aliyun.sdk.sign.constants.SignSymbolConstants;
import com.nbf.component.aliyun.sdk.sign.constants.enums.DigestAlgorithmEnum;
import com.nbf.component.aliyun.sdk.sign.constants.enums.HmacAlgorithmEnum;
import com.nbf.component.aliyun.sdk.sign.constants.enums.SignProtocolEnum;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/nbf/component/aliyun/sdk/sign/PopSignValidator.class */
public class PopSignValidator {
    private static Map<String, String> akSkMap = new HashMap(4);
    private static final ThreadLocal<MessageDigest> LOCAL_DIGEST = ThreadLocal.withInitial(() -> {
        try {
            return MessageDigest.getInstance(DigestAlgorithmEnum.SHA_256.getValue());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    });
    private static final ThreadLocal<Mac> LOCAL_HMAC = ThreadLocal.withInitial(() -> {
        try {
            return Mac.getInstance(HmacAlgorithmEnum.HMAC_SHA_256.getValue());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    });
    private static final char[] DIGITS_LOWER = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    public static void addAccessKey(String str, String str2) {
        if (str == null || str2 == null) {
            throw new RuntimeException("参数为空");
        }
        akSkMap.put(str, str2);
    }

    public static void clearAccessKey() {
        akSkMap.clear();
    }

    public static void validateSignature(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            throw new RuntimeException("param: request is null");
        }
        if (akSkMap.isEmpty()) {
            throw new RuntimeException("accessKeyId / accessKeySecret have not been set");
        }
        String trim = httpServletRequest.getHeader(SignHttpHeaderConstants.AUTHORIZATION).trim();
        String value = SignProtocolEnum.ACS3_HMAC_SHA256.getValue();
        String[] split = trim.substring(trim.indexOf(value) + value.length() + 1).split(SignSymbolConstants.COMMA);
        HashMap hashMap = new HashMap(4);
        for (String str : split) {
            String[] split2 = str.split(SignSymbolConstants.EQUAL, -1);
            hashMap.put(split2[0].trim(), split2[1].trim());
        }
        String str2 = (String) hashMap.get(SignHttpHeaderConstants.AUTH_CREDENTIAL);
        String str3 = akSkMap.get(str2);
        if (str3 == null) {
            throw new RuntimeException("invalid accessKeyId=" + str2);
        }
        String str4 = (String) hashMap.get(SignHttpHeaderConstants.AUTH_SIGNED_HEADERS);
        if (str4 == null) {
            str4 = SignSymbolConstants.EMPTY;
        }
        String str5 = (String) hashMap.get(SignHttpHeaderConstants.AUTH_SIGNATURE);
        String buildCanonicalRequest = buildCanonicalRequest(httpServletRequest, str4);
        String generateStringToSign = generateStringToSign(buildCanonicalRequest);
        if (!doSign(generateStringToSign, str3).equals(str5)) {
            throw new RuntimeException("SignValidateFail. serverStringToSign=[" + generateStringToSign + "], serverCanonicalRequest=[" + buildCanonicalRequest + "]");
        }
    }

    private static String generateStringToSign(String str) {
        return SignProtocolEnum.ACS3_HMAC_SHA256.getValue() + SignSymbolConstants.LINE_SEPARATOR + hexEncodedHash(str.getBytes(StandardCharsets.UTF_8));
    }

    private static String doSign(String str, String str2) {
        Mac mac = LOCAL_HMAC.get();
        mac.reset();
        try {
            mac.init(new SecretKeySpec(str2.getBytes(StandardCharsets.UTF_8), HmacAlgorithmEnum.HMAC_SHA_256.getValue()));
            return encodeHex(mac.doFinal(str.getBytes(StandardCharsets.UTF_8)));
        } catch (InvalidKeyException e) {
            throw new RuntimeException(e);
        }
    }

    private static String buildCanonicalRequest(HttpServletRequest httpServletRequest, String str) {
        return httpServletRequest.getMethod().toUpperCase() + SignSymbolConstants.LINE_SEPARATOR + getCanonicalUri(httpServletRequest.getRequestURI()) + SignSymbolConstants.LINE_SEPARATOR + getCanonicalQueryString(httpServletRequest.getQueryString()) + SignSymbolConstants.LINE_SEPARATOR + getCanonicalHeaders(httpServletRequest, str) + SignSymbolConstants.LINE_SEPARATOR + str + SignSymbolConstants.LINE_SEPARATOR + httpServletRequest.getHeader(SignHttpHeaderConstants.X_ACS_CONTENT_SHA256);
    }

    private static String getCanonicalQueryString(String str) {
        if (isBlank(str)) {
            return SignSymbolConstants.EMPTY;
        }
        HashMap hashMap = new HashMap();
        Jetty9UrlEncodedCopy.decodeUtf8To(str, hashMap);
        TreeMap treeMap = new TreeMap();
        for (Map.Entry entry : hashMap.entrySet()) {
            String percentEncodeParam = percentEncodeParam((String) entry.getKey());
            List list = (List) entry.getValue();
            ArrayList arrayList = new ArrayList(list.size());
            list.forEach(str2 -> {
                arrayList.add(str2 == null ? SignSymbolConstants.EMPTY : percentEncodeParam(str2));
            });
            if (arrayList.size() > 1) {
                Collections.sort(arrayList);
            }
            treeMap.put(percentEncodeParam, arrayList);
        }
        StringBuilder sb = new StringBuilder();
        treeMap.forEach((str3, list2) -> {
            list2.forEach(str3 -> {
                if (sb.length() > 0) {
                    sb.append(SignSymbolConstants.AMPERSAND);
                }
                sb.append(str3);
                if (str3 != null) {
                    sb.append(SignSymbolConstants.EQUAL);
                    sb.append(str3);
                }
            });
        });
        return sb.toString();
    }

    private static String getCanonicalUri(String str) {
        if (isBlank(str)) {
            return SignSymbolConstants.SLASH;
        }
        try {
            return percentEncodeUri(URLDecoder.decode(str, StandardCharsets.UTF_8.name()));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    private static String getCanonicalHeaders(HttpServletRequest httpServletRequest, String str) {
        if (isBlank(str)) {
            return SignSymbolConstants.EMPTY;
        }
        String[] split = str.split(SignSymbolConstants.SEMICOLON);
        StringBuilder sb = new StringBuilder();
        for (String str2 : split) {
            sb.append(str2).append(SignSymbolConstants.COLON);
            Enumeration headers = httpServletRequest.getHeaders(str2);
            if (headers != null && headers.hasMoreElements()) {
                String trim = ((String) headers.nextElement()).trim();
                if (headers.hasMoreElements()) {
                    ArrayList arrayList = new ArrayList(4);
                    arrayList.add(trim);
                    do {
                        arrayList.add(((String) headers.nextElement()).trim());
                    } while (headers.hasMoreElements());
                    Collections.sort(arrayList);
                    sb.append(String.join(SignSymbolConstants.COMMA, arrayList));
                } else {
                    sb.append(trim);
                }
            }
            sb.append(SignSymbolConstants.LINE_SEPARATOR);
        }
        return sb.toString();
    }

    private static String hexEncodedHash(byte[] bArr) {
        MessageDigest messageDigest = LOCAL_DIGEST.get();
        messageDigest.reset();
        messageDigest.update(bArr);
        return encodeHex(messageDigest.digest());
    }

    private static String encodeHex(byte[] bArr) {
        int length = bArr.length;
        char[] cArr = new char[length << 1];
        int i = 0;
        for (int i2 = 0; i2 < length; i2++) {
            int i3 = i;
            int i4 = i + 1;
            cArr[i3] = DIGITS_LOWER[(240 & bArr[i2]) >>> 4];
            i = i4 + 1;
            cArr[i4] = DIGITS_LOWER[15 & bArr[i2]];
        }
        return new String(cArr);
    }

    private static String percentEncodeParam(String str) {
        try {
            return URLEncoder.encode(str, StandardCharsets.UTF_8.name()).replace(SignSymbolConstants.PLUS, "%20").replace(SignSymbolConstants.ASTERISK, "%2A").replace("%7E", SignSymbolConstants.TILDE);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static String percentEncodeUri(String str) {
        return percentEncodeParam(str).replace("%2F", SignSymbolConstants.SLASH);
    }

    private static boolean isBlank(String str) {
        int length = str == null ? 0 : str.length();
        if (length == 0) {
            return true;
        }
        for (int i = 0; i < length; i++) {
            if (!Character.isWhitespace(str.charAt(i))) {
                return false;
            }
        }
        return true;
    }
}
