package org.apache.shenyu.plugin.sign.service;

import java.io.IOException;
import java.net.URLDecoder;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.DateUtils;
import org.apache.shenyu.common.dto.AppAuthData;
import org.apache.shenyu.common.enums.OpenOuterPlatformEnum;
import org.apache.shenyu.plugin.sign.api.VerifyResult;
import org.apache.shenyu.plugin.sign.cache.SignAuthDataCache;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.util.CollectionUtils;
import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;

/* loaded from: input_file:org/apache/shenyu/plugin/sign/service/AliHealthSignService.class */
public class AliHealthSignService implements SignService {
    private static final Logger LOG = LoggerFactory.getLogger(LBSignService.class);
    private static final String TOP_SIGN_LIST_HEADER_KEY = "top-sign-list";
    private static final String ALI_HEALTH_UUID = "f9f29281879c4d47a2241c4e59913ebe";
    private static final String TARGET_APP_KEY = "target_appkey";

    @Override // org.apache.shenyu.plugin.sign.service.SignService
    public VerifyResult signatureVerify(ServerWebExchange serverWebExchange, String str) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        HashMap hashMap = new HashMap();
        HttpHeaders headers = request.getHeaders();
        MediaType contentType = headers.getContentType();
        String str2 = "UTF-8";
        if (contentType != null && contentType.getCharset() != null) {
            str2 = contentType.getCharset().toString();
        }
        try {
            hashMap.putAll(getHeaderMap(headers, str2));
            MultiValueMap<String, String> queryParams = request.getQueryParams();
            Map<String, String> queryMap = getQueryMap(queryParams);
            hashMap.putAll(queryMap);
            if (!checkTimestamp(queryParams, 10)) {
                return VerifyResult.fail("sign parameters are incomplete!");
            }
            String orDefault = queryMap.getOrDefault(TARGET_APP_KEY, ALI_HEALTH_UUID);
            String str3 = queryMap.get("sign");
            AppAuthData appAuthData = (AppAuthData) Optional.of(orDefault).map(str4 -> {
                return SignAuthDataCache.getInstance().obtainAuthData(str4);
            }).orElse(null);
            return appAuthData == null ? VerifyResult.fail("sign appKey does not exist.") : Objects.equals(sign(hashMap, str, appAuthData.getAppSecret(), str2), str3) ? VerifyResult.success() : VerifyResult.fail("signature value is error!");
        } catch (Exception e) {
            LOG.error("阿里签名校验异常:{}", e.getMessage(), e);
            return VerifyResult.fail("sign parameters are incomplete!");
        }
    }

    private Map<String, String> getQueryMap(MultiValueMap<String, String> multiValueMap) {
        HashMap hashMap = new HashMap();
        if (!CollectionUtils.isEmpty(multiValueMap)) {
            for (Map.Entry entry : multiValueMap.entrySet()) {
                hashMap.put((String) entry.getKey(), String.join(",", (Iterable<? extends CharSequence>) entry.getValue()));
            }
        }
        return hashMap;
    }

    private Map<String, String> getHeaderMap(HttpHeaders httpHeaders, String str) throws IOException {
        HashMap hashMap = new HashMap();
        String first = httpHeaders.getFirst(TOP_SIGN_LIST_HEADER_KEY);
        if (StringUtils.isNotBlank(first)) {
            for (String str2 : first.split(",")) {
                String first2 = httpHeaders.getFirst(str2);
                if (StringUtils.isEmpty(first2)) {
                    hashMap.put(str2, "");
                } else {
                    hashMap.put(str2, URLDecoder.decode(first2, str));
                }
            }
        }
        return hashMap;
    }

    private static String sign(Map<String, String> map, String str, String str2, String str3) throws IOException {
        StringBuilder sb = new StringBuilder(str2);
        sb.append(getParamStrFromMap(map));
        if (str != null) {
            sb.append(str);
        }
        sb.append(str2);
        return byte2hex(encryptMD5(sb.toString().getBytes(str3)));
    }

    public static byte[] encryptMD5(byte[] bArr) throws IOException {
        try {
            return MessageDigest.getInstance("MD5").digest(bArr);
        } catch (GeneralSecurityException e) {
            throw new IOException(e.toString());
        }
    }

    public static String byte2hex(byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            String hexString = Integer.toHexString(b & 255);
            if (hexString.length() == 1) {
                sb.append("0");
            }
            sb.append(hexString.toUpperCase());
        }
        return sb.toString();
    }

    private static String getParamStrFromMap(Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        if (map != null && !map.isEmpty()) {
            String[] strArr = (String[]) map.keySet().toArray(new String[0]);
            Arrays.sort(strArr);
            for (String str : strArr) {
                if (!"sign".equals(str)) {
                    sb.append(str);
                    sb.append(map.get(str));
                }
            }
        }
        return sb.toString();
    }

    public static boolean checkTimestamp(MultiValueMap<String, String> multiValueMap, int i) {
        String str = (String) multiValueMap.getFirst("timestamp");
        if (str == null) {
            return false;
        }
        try {
            return Math.abs(Calendar.getInstance().getTime().getTime() - DateUtils.parseDate(str, new String[]{"yyyy-MM-dd HH:mm:ss"}).getTime()) <= ((long) (i * 60)) * 1000;
        } catch (Exception e) {
            LOG.error("parse timestamp error : {}", e.getMessage(), e);
            return false;
        }
    }

    @Override // org.apache.shenyu.plugin.sign.service.SignService
    public VerifyResult signatureVerify(ServerWebExchange serverWebExchange) {
        return VerifyResult.success();
    }

    @Override // org.apache.shenyu.plugin.sign.service.SignService
    public String getOuterPlatform() {
        return OpenOuterPlatformEnum.aliHealth.name();
    }
}
