package esign.utils.httpclient.impl;

import esign.utils.IOUtil;
import esign.utils.asserts.AssertSupport;
import esign.utils.coding.Coder;
import esign.utils.exception.ErrorsDiscriptor;
import esign.utils.exception.SuperException;
import esign.utils.httpclient.HttpConfig;
import esign.utils.httpclient.IRequestReady;
import esign.utils.httpclient.IResponseReady;
import esign.utils.httpclient.ProjectAccesser;
import esign.utils.httpclient.ctrl.AccessSignAlg;
import esign.utils.security.cipher.AsymmetricSignerProviderFactory;
import esign.utils.security.cipher.MacSignerProviderFactory;
import esign.utils.security.cipher.impl.ISimSignerProvider;
import esign.utils.security.model.DigestAlgorithmModel;
import java.io.IOException;
import java.io.InputStream;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpMessage;
import org.apache.http.HttpResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:esign/utils/httpclient/impl/HttpSignerConfig.class */
public class HttpSignerConfig extends HttpConfig implements IRequestReady, IResponseReady {
    private static final String HEADER_NAME_TIMEVALE_PROJECT_ID = "X-timevale-project-id";
    private static final String HEADER_NAME_TIMEVALE_MODE = "X-timevale-mode";
    private static final String HEADER_NAME_TIMEVALE_SIGNATURE = "X-timevale-signature";
    private static final String HEADER_NAME_TIMEVALE_SIGNATURE_ALG = "X-timevale-signature-algorithm";
    private static final Logger LOGGER = LoggerFactory.getLogger(HttpSignerConfig.class);
    private String projectId;
    private AccessSignAlg accessSignAlg;
    private String userSecret;
    private String sysSecret;
    private boolean verify;

    public HttpSignerConfig(ProjectAccesser projectAccesser) {
        this(projectAccesser, true);
    }

    public HttpSignerConfig(ProjectAccesser projectAccesser, boolean z) {
        this.projectId = projectAccesser.getProjectId();
        this.accessSignAlg = projectAccesser.getAccessSignAlg();
        this.userSecret = projectAccesser.getUserSecret();
        this.sysSecret = projectAccesser.getSystemSecret();
        this.verify = z;
        setRequestReady(this);
        setResponseReady(this);
    }

    private static String sign(AccessSignAlg accessSignAlg, String str, InputStream inputStream) throws SuperException {
        try {
            return sign(IOUtil.readStreamAsByteArray(inputStream), accessSignAlg, str);
        } catch (Exception e) {
            LOGGER.error("read data form stream failed.", e);
            throw ErrorsDiscriptor.InternalService.e(e);
        }
    }

    private static String sign(byte[] bArr, AccessSignAlg accessSignAlg, String str) throws IllegalStateException, SuperException {
        return Coder.BINARY.encode(signer(accessSignAlg, str).sign(bArr));
    }

    private static boolean verify(byte[] bArr, AccessSignAlg accessSignAlg, String str, byte[] bArr2) throws IllegalStateException, SuperException {
        return signer(accessSignAlg, str).verify(bArr, bArr2);
    }

    private static ISimSignerProvider signer(AccessSignAlg accessSignAlg, String str) throws SuperException {
        return (accessSignAlg.equals(AccessSignAlg.ALG_HMAC_SHA256) ? MacSignerProviderFactory.HMAC.factory(DigestAlgorithmModel.SHA256) : AsymmetricSignerProviderFactory.RSA.factory(DigestAlgorithmModel.SHA1)).create().init(str);
    }

    @Override // esign.utils.httpclient.IResponseReady
    public void ready(HttpResponse httpResponse, byte[] bArr) throws SuperException {
        if (this.verify) {
            Header firstHeader = httpResponse.getFirstHeader(HEADER_NAME_TIMEVALE_SIGNATURE);
            AssertSupport.assertNotnull(firstHeader, ErrorsDiscriptor.MissingPlatformSignature.e());
            if (verify(bArr, this.accessSignAlg, this.sysSecret, Coder.BINARY.decode(firstHeader.getValue()))) {
                return;
            }
            LOGGER.error("verify failed.");
            throw ErrorsDiscriptor.FailureCipherVerify.e();
        }
    }

    @Override // esign.utils.httpclient.IRequestReady
    public void ready(HttpMessage httpMessage, HttpEntity httpEntity) throws SuperException {
        httpMessage.addHeader(HEADER_NAME_TIMEVALE_PROJECT_ID, this.projectId);
        httpMessage.addHeader(HEADER_NAME_TIMEVALE_MODE, "package");
        httpMessage.addHeader(HEADER_NAME_TIMEVALE_SIGNATURE_ALG, this.accessSignAlg.disc());
        try {
            httpMessage.addHeader(HEADER_NAME_TIMEVALE_SIGNATURE, sign(this.accessSignAlg, this.userSecret, httpEntity.getContent()));
        } catch (IOException e) {
            LOGGER.error("get content failed.", e);
            throw ErrorsDiscriptor.InternalService.e(e);
        } catch (UnsupportedOperationException e2) {
            LOGGER.error("get content failed.", e2);
            throw ErrorsDiscriptor.InternalService.e(e2);
        }
    }
}
