package org.apache.shenyu.plugin.open.third.sign.service;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.DateUtils;
import org.apache.shenyu.plugin.api.result.ShenyuResultEnum;
import org.apache.shenyu.plugin.open.third.sign.api.CheckSupplier;
import org.apache.shenyu.plugin.open.third.sign.api.OpenAppCheckContext;
import org.apache.shenyu.plugin.open.third.sign.api.VerifyResult;
import org.apache.shenyu.plugin.open.third.sign.enums.CallWayEnum;
import org.apache.shenyu.plugin.open.third.sign.handler.OpenThirdSignRuleHandle;
import org.apache.shenyu.plugin.open.third.sign.handler.OpenThirdSignSelectorHandle;
import org.apache.shenyu.plugin.open.third.sign.util.AuthUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;

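/**
 * Authenticates requests for the open-third-sign plugin.
 *
 * <p>Each public entry point picks a check pipeline from the selector's call way
 * ({@link CallWayEnum#SYNC_WIZARD} or {@link CallWayEnum#STANDARD_INTERFACE}) and runs the
 * individual checks (timestamp, appKey, signature, and either token or interface status) over an
 * {@link OpenAppCheckContext}. How {@code CheckSupplier} and {@code OpenAppCheckContext.apply}
 * treat a failed step is defined outside this class; presumably a failed context short-circuits
 * the remaining steps (confirm against those classes).
 */
@Component
public class OpenAppCheckService {
    // NOTE(security): this HMAC signing key is a compile-time literal, so it ships inside every
    // build artifact and is identical across deployments. A valid JWT signature therefore only
    // proves possession of the artifact, not issuance by the real login service. Load the key from
    // external secret configuration and rotate this value; handleTokenMismatch() relies on it.
    private static final String JWT_KEY = "ZbsFUVgtDOi3HYB6yxjPeNMr0h8C4vXqLczW9oAkn1JK2pSuT5wRlfdGmI7QaEhV";
    private static final Logger log = LoggerFactory.getLogger(OpenAppCheckService.class);

    /** Width of the accepted timestamp window, in minutes (used in the error message). */
    private static final int TIMESTAMP_WINDOW_MINUTES = 5;
    /** Width of the accepted timestamp window, in milliseconds. */
    private static final long TIMESTAMP_WINDOW_MILLIS = 300000L;

    /**
     * Verifies a request that carries a raw (string) body.
     *
     * @param serverWebExchange the current exchange; headers are read from its request
     * @param openThirdSignSelectorHandle selector configuration (call way, appKey, appSecret, token)
     * @param openThirdSignRuleHandle rule configuration (interface status)
     * @param str the request body that is passed to the signature check
     * @return the verification result produced by the selected pipeline
     */
    public VerifyResult verifySign(ServerWebExchange serverWebExchange, OpenThirdSignSelectorHandle openThirdSignSelectorHandle, OpenThirdSignRuleHandle openThirdSignRuleHandle, String str) {
        return CheckSupplier.apply()
                .or(openThirdSignSelectorHandle.getCallWay(), CallWayEnum.SYNC_WIZARD,
                        () -> verifySyncWizard(serverWebExchange, openThirdSignSelectorHandle, str))
                .or(openThirdSignSelectorHandle.getCallWay(), CallWayEnum.STANDARD_INTERFACE,
                        () -> verifyStandardInterface(serverWebExchange, openThirdSignSelectorHandle, openThirdSignRuleHandle, str))
                .check();
    }

    /**
     * Verifies a request that carries form data.
     *
     * @param serverWebExchange the current exchange; headers are read from its request
     * @param openThirdSignSelectorHandle selector configuration (call way, appKey, appSecret, token)
     * @param openThirdSignRuleHandle rule configuration (interface status)
     * @param multiValueMap the form fields that are passed to the signature check
     * @return the verification result produced by the selected pipeline
     */
    public VerifyResult verifySignWithForm(ServerWebExchange serverWebExchange, OpenThirdSignSelectorHandle openThirdSignSelectorHandle, OpenThirdSignRuleHandle openThirdSignRuleHandle, MultiValueMap<String, String> multiValueMap) {
        return CheckSupplier.apply()
                .or(openThirdSignSelectorHandle.getCallWay(), CallWayEnum.SYNC_WIZARD,
                        () -> verifySyncWizardWithForm(serverWebExchange, openThirdSignSelectorHandle, multiValueMap))
                .or(openThirdSignSelectorHandle.getCallWay(), CallWayEnum.STANDARD_INTERFACE,
                        () -> verifyStandardInterfaceWithForm(serverWebExchange, openThirdSignSelectorHandle, openThirdSignRuleHandle, multiValueMap))
                .check();
    }

    /**
     * Verifies a request that has no body.
     *
     * @param serverWebExchange the current exchange; headers are read from its request
     * @param openThirdSignSelectorHandle selector configuration (call way, appKey, appSecret, token)
     * @param openThirdSignRuleHandle rule configuration (interface status)
     * @return the verification result produced by the selected pipeline
     */
    public VerifyResult verifySignWithoutBody(ServerWebExchange serverWebExchange, OpenThirdSignSelectorHandle openThirdSignSelectorHandle, OpenThirdSignRuleHandle openThirdSignRuleHandle) {
        return CheckSupplier.apply()
                .or(openThirdSignSelectorHandle.getCallWay(), CallWayEnum.SYNC_WIZARD,
                        () -> verifySyncWizardWithoutBody(serverWebExchange, openThirdSignSelectorHandle))
                .or(openThirdSignSelectorHandle.getCallWay(), CallWayEnum.STANDARD_INTERFACE,
                        () -> verifyStandardInterfaceWithoutBody(serverWebExchange, openThirdSignSelectorHandle, openThirdSignRuleHandle))
                .check();
    }

    /** SYNC_WIZARD pipeline for a string body: timestamp, appKey, signature, then token. */
    private OpenAppCheckContext verifySyncWizard(ServerWebExchange exchange, OpenThirdSignSelectorHandle selectorHandle, String requestBody) {
        return OpenAppCheckContext.init()
                .setServerWebExchange(exchange)
                .setOpenThirdSignSelectorHandle(selectorHandle)
                .setRequestBody(requestBody)
                .apply(this::checkTimestamp)
                .apply(this::checkUserApp)
                .apply(this::checkSign)
                .apply(this::checkToken);
    }

    /** SYNC_WIZARD pipeline for form data: timestamp, appKey, form signature, then token. */
    private OpenAppCheckContext verifySyncWizardWithForm(ServerWebExchange exchange, OpenThirdSignSelectorHandle selectorHandle, MultiValueMap<String, String> formData) {
        return OpenAppCheckContext.init()
                .setServerWebExchange(exchange)
                .setOpenThirdSignSelectorHandle(selectorHandle)
                .setFormData(formData)
                .apply(this::checkTimestamp)
                .apply(this::checkUserApp)
                .apply(this::checkSignWithForm)
                .apply(this::checkToken);
    }

    /** SYNC_WIZARD pipeline without a body: timestamp, appKey, header-only signature, then token. */
    private VerifyResult verifySyncWizardWithoutBody(ServerWebExchange exchange, OpenThirdSignSelectorHandle selectorHandle) {
        return OpenAppCheckContext.init()
                .setServerWebExchange(exchange)
                .setOpenThirdSignSelectorHandle(selectorHandle)
                .apply(this::checkTimestamp)
                .apply(this::checkUserApp)
                .apply(this::checkSignWithoutBody)
                .apply(this::checkToken);
    }

    /**
     * STANDARD_INTERFACE pipeline for a string body: timestamp, appKey, interface status, then
     * signature. Unlike the SYNC_WIZARD pipelines, no token check is applied here.
     */
    private OpenAppCheckContext verifyStandardInterface(ServerWebExchange exchange, OpenThirdSignSelectorHandle selectorHandle, OpenThirdSignRuleHandle ruleHandle, String requestBody) {
        return OpenAppCheckContext.init()
                .setOpenThirdSignSelectorHandle(selectorHandle)
                .setOpenThirdSignRuleHandle(ruleHandle)
                .setServerWebExchange(exchange)
                .setRequestBody(requestBody)
                .apply(this::checkTimestamp)
                .apply(this::checkUserApp)
                .apply(this::checkInterface)
                .apply(this::checkSign);
    }

    /** STANDARD_INTERFACE pipeline for form data: timestamp, appKey, interface status, form signature. */
    private VerifyResult verifyStandardInterfaceWithForm(ServerWebExchange exchange, OpenThirdSignSelectorHandle selectorHandle, OpenThirdSignRuleHandle ruleHandle, MultiValueMap<String, String> formData) {
        return OpenAppCheckContext.init()
                .setOpenThirdSignSelectorHandle(selectorHandle)
                .setOpenThirdSignRuleHandle(ruleHandle)
                .setServerWebExchange(exchange)
                .setFormData(formData)
                .apply(this::checkTimestamp)
                .apply(this::checkUserApp)
                .apply(this::checkInterface)
                .apply(this::checkSignWithForm);
    }

    /** STANDARD_INTERFACE pipeline without a body: timestamp, appKey, interface status, signature. */
    private VerifyResult verifyStandardInterfaceWithoutBody(ServerWebExchange exchange, OpenThirdSignSelectorHandle selectorHandle, OpenThirdSignRuleHandle ruleHandle) {
        return OpenAppCheckContext.init()
                .setOpenThirdSignSelectorHandle(selectorHandle)
                .setOpenThirdSignRuleHandle(ruleHandle)
                .setServerWebExchange(exchange)
                .apply(this::checkTimestamp)
                .apply(this::checkUserApp)
                .apply(this::checkInterface)
                .apply(this::checkSignWithoutBody);
    }

    /**
     * Rejects requests whose {@code timestamp} header (epoch milliseconds) is missing, malformed,
     * or more than five minutes away from the gateway clock in either direction.
     *
     * <p>The window is symmetric on purpose: accepting timestamps arbitrarily far in the future
     * would let a captured signed request stay replayable until that future time has passed plus
     * the window. A digit string too long for a {@code long} is treated like any other malformed
     * value instead of escaping as a {@link NumberFormatException}.
     */
    private OpenAppCheckContext checkTimestamp(OpenAppCheckContext context) {
        String timestampHeader = context.getServerWebExchange().getRequest().getHeaders().getFirst("timestamp");
        if (StringUtils.isBlank(timestampHeader)) {
            return context.fail("sign parameters are incomplete!");
        }
        String timeoutMessage = String.format(ShenyuResultEnum.SIGN_TIME_IS_TIMEOUT.getMsg(), TIMESTAMP_WINDOW_MINUTES);
        if (!StringUtils.isNumeric(timestampHeader)) {
            return context.fail(timeoutMessage);
        }
        long requestMillis;
        try {
            requestMillis = Long.parseLong(timestampHeader);
        } catch (NumberFormatException ignored) {
            // All-digit input can still overflow long; reject it rather than fail the request with
            // an unhandled exception.
            return context.fail(timeoutMessage);
        }
        // isNumeric() excludes a sign, so requestMillis >= 0 and this subtraction cannot overflow.
        long skewMillis = Math.abs(System.currentTimeMillis() - requestMillis);
        return skewMillis > TIMESTAMP_WINDOW_MILLIS ? context.fail(timeoutMessage) : context;
    }

    /**
     * Requires the {@code appKey} header to be present and equal to the selector's appKey. Both
     * failure cases return the same client-facing message; the distinction is only logged.
     */
    private OpenAppCheckContext checkUserApp(OpenAppCheckContext context) {
        String requestAppKey = context.getServerWebExchange().getRequest().getHeaders().getFirst("appKey");
        if (StringUtils.isBlank(requestAppKey)) {
            log.warn("appKey为空!");
            return context.fail("sign appKey does not exist.");
        }
        OpenThirdSignSelectorHandle selectorHandle = context.getOpenThirdSignSelectorHandle();
        if (!Objects.equals(requestAppKey, selectorHandle.getAppKey())) {
            log.warn("appKey匹配错误！request appKey:{} shenyu appKey:{}", requestAppKey, selectorHandle.getAppKey());
            return context.fail("sign appKey does not exist.");
        }
        return context;
    }

    /**
     * Compares the {@code token} header with the token stored on the selector.
     *
     * <p>A present but different token is delegated to {@link #handleTokenMismatch}. A request with
     * no token header always passes this step, even when the selector has a token configured; that
     * case is only logged.
     */
    private OpenAppCheckContext checkToken(OpenAppCheckContext context) {
        OpenThirdSignSelectorHandle selectorHandle = context.getOpenThirdSignSelectorHandle();
        String storedToken = selectorHandle.getToken();
        String requestToken = context.getServerWebExchange().getRequest().getHeaders().getFirst("token");
        if (StringUtils.isBlank(requestToken)) {
            // NOTE(review): omitting the header skips token enforcement entirely. This looks like a
            // deliberate compatibility path for older clients; consider a config switch to make the
            // token mandatory once those clients are retired, and alert on this log line meanwhile.
            if (StringUtils.isNotBlank(storedToken)) {
                log.warn("New version logged in, old version without token request present: {}", selectorHandle.getAppKey());
            }
            return context;
        }
        if (StringUtils.equals(requestToken, storedToken)) {
            return context;
        }
        return handleTokenMismatch(context, requestToken, storedToken);
    }

    /** Fails the request unless the rule handle reports the interface as enabled. */
    private OpenAppCheckContext checkInterface(OpenAppCheckContext context) {
        if (!context.getOpenThirdSignRuleHandle().getStatus()) {
            log.warn("接口状态未开启");
            return context.fail("接口状态未开启");
        }
        return context;
    }

    /**
     * Decides whether a token that differs from the stored one is still acceptable.
     *
     * <p>The presented token is accepted when its JWT signature verifies and either (a) no token is
     * stored and it was issued within the last minute, or (b) its {@code iat} is later than the
     * stored token's {@code iat}. Any parsing or signature error, and every other case, fails with
     * code 499.
     *
     * <p>NOTE(security): the only thing binding an accepted token to the real issuer is the JWT
     * signature, and the signing key is the literal {@code JWT_KEY}. Until that key is moved out of
     * the artifact, treat this branch as weaker than the exact-match path and monitor the 499 and
     * "Token validation error" log lines.
     */
    private OpenAppCheckContext handleTokenMismatch(OpenAppCheckContext context, String requestToken, String storedToken) {
        try {
            Date requestIssuedAt = parseTokenClaims(requestToken).getIssuedAt();
            boolean accepted = StringUtils.isBlank(storedToken)
                    ? isTokenRecentlyIssued(requestIssuedAt)
                    : isNewerToken(requestIssuedAt, parseTokenClaims(storedToken).getIssuedAt());
            if (accepted) {
                return context;
            }
        } catch (Exception e) {
            // Broad catch is intentional: any malformed, expired or badly signed token must end in
            // the rejection below rather than an unhandled error.
            log.error("Token validation error: {}", e.getMessage(), e);
        }
        return context.fail(499, "Token has been logged out");
    }

    /**
     * Parses a signed JWT with {@code JWT_KEY} and returns its claims; the jjwt parser throws if
     * the signature does not verify or the token is malformed.
     */
    private Claims parseTokenClaims(String jwt) {
        return Jwts.parserBuilder()
                .setSigningKey(JWT_KEY.getBytes(StandardCharsets.UTF_8))
                .build()
                .parseClaimsJws(jwt)
                .getBody();
    }

    /** Returns true when {@code issuedAt} is non-null and later than one minute ago. */
    private boolean isTokenRecentlyIssued(Date issuedAt) {
        return issuedAt != null && issuedAt.after(DateUtils.addMinutes(new Date(), -1));
    }

    /** Returns true when both dates are non-null and {@code candidate} is strictly after {@code reference}. */
    private boolean isNewerToken(Date candidate, Date reference) {
        return candidate != null && reference != null && candidate.after(reference);
    }

    /** Checks the request signature over the string body using the selector's appSecret. */
    private OpenAppCheckContext checkSign(OpenAppCheckContext context) {
        boolean valid = AuthUtil.checkSign(
                context.getServerWebExchange(),
                context.getRequestBody(),
                context.getOpenThirdSignSelectorHandle().getAppSecret());
        return valid ? context : context.fail("signature value is error!");
    }

    /** Checks the request signature over the form data using the selector's appSecret. */
    private OpenAppCheckContext checkSignWithForm(OpenAppCheckContext context) {
        boolean valid = AuthUtil.checkSignWithFormData(
                context.getServerWebExchange(),
                context.getFormData(),
                context.getOpenThirdSignSelectorHandle().getAppSecret());
        return valid ? context : context.fail("signature value is error!");
    }

    /** Checks the request signature for a body-less request using the selector's appSecret. */
    private OpenAppCheckContext checkSignWithoutBody(OpenAppCheckContext context) {
        boolean valid = AuthUtil.checkSignWithoutBody(
                context.getServerWebExchange(),
                context.getOpenThirdSignSelectorHandle().getAppSecret());
        return valid ? context : context.fail("signature value is error!");
    }
}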
