package org.apache.shenyu.plugin.sign.service;

import java.time.LocalDateTime;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiFunction;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shenyu.common.dto.AppAuthData;
import org.apache.shenyu.common.enums.OpenOuterPlatformEnum;
import org.apache.shenyu.common.enums.PluginEnum;
import org.apache.shenyu.common.exception.ShenyuException;
import org.apache.shenyu.common.utils.DateUtils;
import org.apache.shenyu.plugin.api.context.ShenyuContext;
import org.apache.shenyu.plugin.api.result.ShenyuResultEnum;
import org.apache.shenyu.plugin.base.utils.PathMatchUtils;
import org.apache.shenyu.plugin.sign.api.SignParameters;
import org.apache.shenyu.plugin.sign.api.VerifyResult;
import org.apache.shenyu.plugin.sign.api.VerifySupplier;
import org.apache.shenyu.plugin.sign.cache.SignAuthDataCache;
import org.apache.shenyu.plugin.sign.extractor.SignParameterExtractor;
import org.apache.shenyu.plugin.sign.provider.SignProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.server.ServerWebExchange;

/* loaded from: input_file:org/apache/shenyu/plugin/sign/service/ComposableSignService.class */
public class ComposableSignService implements SignService {
    private static final Logger LOG;

    @Value("${shenyu.sign.delay:5}")
    private int delay;
    private final SignParameterExtractor extractor;
    private final SignProvider signProvider;
    static final /* synthetic */ boolean $assertionsDisabled;

    public ComposableSignService(SignParameterExtractor signParameterExtractor, SignProvider signProvider) {
        this.extractor = signParameterExtractor;
        this.signProvider = signProvider;
    }

    @Override // org.apache.shenyu.plugin.sign.service.SignService
    public VerifyResult signatureVerify(ServerWebExchange serverWebExchange, String str) {
        return signatureVerify(serverWebExchange, (str2, signParameters) -> {
            return this.signProvider.generateSign(str2, signParameters, str);
        });
    }

    @Override // org.apache.shenyu.plugin.sign.service.SignService
    public VerifyResult signatureVerify(ServerWebExchange serverWebExchange) {
        SignProvider signProvider = this.signProvider;
        Objects.requireNonNull(signProvider);
        return signatureVerify(serverWebExchange, signProvider::generateSign);
    }

    @Override // org.apache.shenyu.plugin.sign.service.SignService
    public String getOuterPlatform() {
        return OpenOuterPlatformEnum.other.name();
    }

    private VerifyResult signatureVerify(ServerWebExchange serverWebExchange, BiFunction<String, SignParameters, String> biFunction) {
        ShenyuContext shenyuContext = (ShenyuContext) serverWebExchange.getAttribute("context");
        if (!$assertionsDisabled && shenyuContext == null) {
            throw new AssertionError();
        }
        SignParameters extract = this.extractor.extract(serverWebExchange.getRequest());
        AppAuthData appAuthData = (AppAuthData) Optional.ofNullable(extract.getAppKey()).map(str -> {
            return SignAuthDataCache.getInstance().obtainAuthData(str);
        }).orElse(null);
        VerifyResult verify = verify(extract, appAuthData, biFunction);
        if (verify.isSuccess()) {
            handleExchange(serverWebExchange, appAuthData, shenyuContext);
        }
        return verify;
    }

    private VerifyResult verify(SignParameters signParameters, AppAuthData appAuthData, BiFunction<String, SignParameters, String> biFunction) {
        return VerifySupplier.apply(() -> {
            return verifySignParameters(signParameters);
        }).and(() -> {
            return verifyExpires(signParameters);
        }).and(() -> {
            return verifyAuthConfig(appAuthData, signParameters);
        }).and(() -> {
            return verifyPath(appAuthData, signParameters);
        }).and(() -> {
            return verifySign(appAuthData.getAppSecret(), signParameters, biFunction);
        }).verify();
    }

    private VerifyResult verifyPath(AppAuthData appAuthData, SignParameters signParameters) {
        if (BooleanUtils.isNotTrue(appAuthData.getOpen())) {
            return VerifyResult.success();
        }
        List pathDataList = appAuthData.getPathDataList();
        if (CollectionUtils.isEmpty(pathDataList)) {
            LOG.error("You have not configured the sign path:{}", signParameters.getAppKey());
            return VerifyResult.fail("you have not configured the sign path.");
        }
        if (pathDataList.stream().filter((v0) -> {
            return v0.getEnabled();
        }).anyMatch(authPathData -> {
            return PathMatchUtils.match(authPathData.getPath(), signParameters.getUri().getRawPath());
        })) {
            return VerifyResult.success();
        }
        LOG.error("You have not configured the sign path:{},{}", signParameters.getAppKey(), signParameters.getUri().getRawPath());
        return VerifyResult.fail("you have not configured the sign path.");
    }

    private VerifyResult verifyAuthConfig(AppAuthData appAuthData, SignParameters signParameters) {
        if (!Objects.isNull(appAuthData) && !BooleanUtils.isFalse(appAuthData.getEnabled())) {
            return VerifyResult.success();
        }
        LOG.error("sign APP_KEY does not exist or has been disabled,{}", signParameters.getAppKey());
        return VerifyResult.fail("sign appKey does not exist.");
    }

    private VerifyResult verifySignParameters(SignParameters signParameters) {
        if (signParameters == SignParameters.VERSION_ERROR_PARAMETERS) {
            LOG.error("sign version does not exist or is wrong");
            return VerifyResult.fail("sign version does not exist or is wrong!");
        }
        if (StringUtils.isNoneBlank(new CharSequence[]{signParameters.getAppKey()}) && StringUtils.isNoneBlank(new CharSequence[]{signParameters.getTimestamp()}) && StringUtils.isNoneBlank(new CharSequence[]{signParameters.getSignature()})) {
            return VerifyResult.success();
        }
        LOG.error("sign parameters are incomplete,{}", signParameters);
        return VerifyResult.fail("sign parameters are incomplete!");
    }

    private VerifyResult verifyExpires(SignParameters signParameters) {
        return Math.abs(DateUtils.acquireMinutesBetween(DateUtils.formatLocalDateTimeFromTimestampBySystemTimezone(Long.valueOf(Long.parseLong(signParameters.getTimestamp()))), LocalDateTime.now())) <= ((long) this.delay) ? VerifyResult.success() : VerifyResult.fail(String.format(ShenyuResultEnum.SIGN_TIME_IS_TIMEOUT.getMsg(), Integer.valueOf(this.delay)));
    }

    private VerifyResult verifySign(String str, SignParameters signParameters, BiFunction<String, SignParameters, String> biFunction) {
        String apply = biFunction.apply(str, signParameters);
        if (Objects.equals(apply, signParameters.getSignature())) {
            return VerifyResult.success();
        }
        LOG.error("the SignUtils generated signature value is:{},the accepted value is:{}", apply, signParameters.getSignature());
        return VerifyResult.fail("signature value is error!");
    }

    private void handleExchange(ServerWebExchange serverWebExchange, AppAuthData appAuthData, ShenyuContext shenyuContext) {
        String module;
        List paramDataList = appAuthData.getParamDataList();
        if (CollectionUtils.isEmpty(paramDataList)) {
            return;
        }
        if (skipSignExchange(shenyuContext)) {
            String[] split = StringUtils.split(serverWebExchange.getRequest().getURI().getRawPath(), "/");
            if (ArrayUtils.isEmpty(split)) {
                throw new ShenyuException("Cannot find the context path(AppName) from the request url");
            }
            module = split[0];
        } else {
            module = shenyuContext.getModule();
        }
        String str = module;
        paramDataList.stream().filter(authParamData -> {
            return authParamData.getAppName().equals(str);
        }).map((v0) -> {
            return v0.getAppParam();
        }).filter(charSequence -> {
            return StringUtils.isNoneBlank(new CharSequence[]{charSequence});
        }).findFirst().ifPresent(str2 -> {
            serverWebExchange.getRequest().mutate().headers(httpHeaders -> {
                httpHeaders.set("appParam", str2);
            }).build();
        });
    }

    private boolean skipSignExchange(ShenyuContext shenyuContext) {
        return StringUtils.equals(String.format("%s-%s", PluginEnum.SPRING_CLOUD.getName(), shenyuContext.getRpcType()), shenyuContext.getModule()) || StringUtils.equals(String.format("%s-%s", PluginEnum.DIVIDE.getName(), shenyuContext.getRpcType()), shenyuContext.getModule()) || StringUtils.equals(String.format("%s-%s", PluginEnum.WEB_SOCKET.getName(), shenyuContext.getRpcType()), shenyuContext.getModule());
    }

    static {
        $assertionsDisabled = !ComposableSignService.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(ComposableSignService.class);
    }
}
