package net.takela.common.security.filter;

import jakarta.annotation.PostConstruct;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import net.takela.common.spring.exception.DataException;
import net.takela.common.spring.filter.HttpRequestCachedServlet;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:net/takela/common/security/filter/RequestParamSignAuthFilter.class */
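/**
 * Servlet filter that authenticates selected requests with a shared-secret signature.
 *
 * <p>For a request whose URI matches one of {@code checkUrls} and none of {@code uncheckUrls},
 * the value of the {@code signHeader} header must equal (hex, case-insensitive)
 * {@code SHA-256(key + queryString + jsonBody + timestampHeaderValue)}.
 *
 * <p>Security properties a maintainer should be aware of:
 * <ul>
 *   <li>The policy is allow-by-default: a URI that matches no {@code checkUrls} pattern is passed
 *       on without any signature check.</li>
 *   <li>Patterns are matched against {@code getRequestURI()}, which is the raw request URI
 *       (context path included, not decoded or normalised by this class). Patterns must be
 *       written with that in mind, and URI normalisation has to be enforced elsewhere.</li>
 *   <li>The timestamp header is bound into the digest but is not compared with the current time
 *       anywhere in this class, so the filter by itself does not reject a replayed request.</li>
 *   <li>Only a body sent as {@code application/json} is covered by the signature; bodies with any
 *       other content type are not part of the signed data.</li>
 *   <li>The digest is a plain secret-prefix SHA-256 over fields concatenated without delimiters,
 *       not an HMAC. Moving to {@code HmacSHA256} with delimited fields is the stronger
 *       construction but needs a coordinated change on the signing clients, so it is not done
 *       here.</li>
 * </ul>
 */
public class RequestParamSignAuthFilter extends OncePerRequestFilter {
    /** Name of the request header carrying the hex signature. */
    private String signHeader;
    /** Shared secret prefixed to the signed data; must never be logged. */
    private String key;
    /** Name of the request header carrying the timestamp that is bound into the signature. */
    private String timestampHeader;
    /** Ant-style patterns of URIs that require a valid signature. */
    private List<String> checkUrls;
    /** Ant-style patterns of URIs that are exempt; evaluated before {@code checkUrls}. */
    private List<String> uncheckUrls;
    // Built by init() from the two pattern lists; doFilterInternal does not consult them.
    private List<AntPathRequestMatcher> checkURLMatchers;
    private List<AntPathRequestMatcher> uncheckURLMatchers;
    private boolean enabled = true;
    private AntPathMatcher antPathMatcher = new AntPathMatcher();

    /** @return whether the filter performs any check at all */
    public boolean isEnabled() {
        return this.enabled;
    }

    /** @param z {@code false} turns the filter into a pass-through for every request */
    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    /** @return name of the header that carries the signature */
    public String getSignHeader() {
        return this.signHeader;
    }

    /** @param str name of the header that carries the signature */
    public void setSignHeader(String str) {
        this.signHeader = str;
    }

    /** @return the shared signing secret */
    public String getKey() {
        return this.key;
    }

    /** @param str the shared signing secret; a protected URL is refused while this is empty */
    public void setKey(String str) {
        this.key = str;
    }

    /** @return name of the header that carries the timestamp */
    public String getTimestampHeader() {
        return this.timestampHeader;
    }

    /** @param str name of the header that carries the timestamp */
    public void setTimestampHeader(String str) {
        this.timestampHeader = str;
    }

    /** @return Ant-style patterns of URIs that require a signature, possibly {@code null} */
    public List<String> getCheckUrls() {
        return this.checkUrls;
    }

    /** @param list Ant-style patterns of URIs that require a signature */
    public void setCheckUrls(List<String> list) {
        this.checkUrls = list;
    }

    /** @return Ant-style patterns of exempt URIs, possibly {@code null} */
    public List<String> getUncheckUrls() {
        return this.uncheckUrls;
    }

    /** @param list Ant-style patterns of exempt URIs */
    public void setUncheckUrls(List<String> list) {
        this.uncheckUrls = list;
    }

    /**
     * Builds one {@link AntPathRequestMatcher} per configured pattern. A {@code null} pattern
     * list yields an empty matcher list.
     */
    @PostConstruct
    public void init() {
        this.checkURLMatchers = new ArrayList<>();
        if (this.checkUrls != null) {
            for (String pattern : this.checkUrls) {
                this.checkURLMatchers.add(new AntPathRequestMatcher(pattern));
            }
        }
        this.uncheckURLMatchers = new ArrayList<>();
        if (this.uncheckUrls != null) {
            for (String pattern : this.uncheckUrls) {
                this.uncheckURLMatchers.add(new AntPathRequestMatcher(pattern));
            }
        }
    }

    /**
     * Verifies the request signature for protected URIs and passes everything else through.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response handed to the rest of the chain
     * @param filterChain the remaining filter chain
     * @throws AuthenticationException if a required header is missing or the signature does not match
     * @throws IllegalStateException if a protected URI is requested while no key is configured
     * @throws IOException if the request body cannot be read, or from the downstream chain
     * @throws ServletException from the downstream chain
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException, DataException {
        if (!this.enabled) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // NOTE(review): presumably this wrapper buffers the body so it can be read here and again
        // downstream - confirm against HttpRequestCachedServlet.
        HttpRequestCachedServlet httpRequestCachedServlet = new HttpRequestCachedServlet(httpServletRequest);
        String requestUri = httpServletRequest.getRequestURI();
        // Exemptions win over the protected list, so an over-broad exempt pattern disables the check.
        if (matchesAny(this.uncheckUrls, requestUri)) {
            filterChain.doFilter(httpRequestCachedServlet, httpServletResponse);
            return;
        }
        if (!matchesAny(this.checkUrls, requestUri)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // Fail closed: with a null key the digest input would start with the literal text "null",
        // which is not a secret, so every signature would be computable by the caller.
        if (StringUtils.isEmpty(this.key)) {
            throw new IllegalStateException("sign key is not configured");
        }
        String timestamp = httpServletRequest.getHeader(this.timestampHeader);
        String suppliedSign = httpServletRequest.getHeader(this.signHeader);
        if (StringUtils.isEmpty(timestamp) || StringUtils.isEmpty(suppliedSign)) {
            // AuthenticationException is abstract, hence the anonymous subclass.
            throw new AuthenticationException("miss some header") {
            };
        }
        String queryString = httpRequestCachedServlet.getQueryString();
        String body = null;
        String contentType = httpRequestCachedServlet.getContentType();
        // Locale.ROOT keeps the match independent of the JVM default locale; with a locale-sensitive
        // lower-casing an upper-case "APPLICATION/JSON" could fail to match and leave the body unsigned.
        if (contentType != null && contentType.toLowerCase(Locale.ROOT).contains("application/json")) {
            body = getBody(httpRequestCachedServlet.getInputStream());
        }
        String expectedSign = DigestUtils.sha256Hex(this.key + (StringUtils.isEmpty(queryString) ? "" : queryString) + (StringUtils.isEmpty(body) ? "" : body) + timestamp);
        // Compare without an early exit on the first differing character, so response timing does
        // not reveal how much of a guessed signature was correct. sha256Hex produces lower-case
        // hex; the supplied value is lower-cased to keep the comparison case-insensitive.
        byte[] expectedBytes = expectedSign.getBytes(StandardCharsets.UTF_8);
        byte[] suppliedBytes = suppliedSign.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expectedBytes, suppliedBytes)) {
            throw new AuthenticationException("sign error") {
            };
        }
        filterChain.doFilter(httpRequestCachedServlet, httpServletResponse);
    }

    /**
     * Tells whether {@code uri} matches at least one Ant-style pattern.
     *
     * @param patterns the configured patterns; {@code null} is treated as an empty list, the same
     *     way {@link #init()} treats it
     * @param uri the request URI to test
     * @return {@code true} if any pattern matches
     */
    private boolean matchesAny(List<String> patterns, String uri) {
        if (patterns == null) {
            return false;
        }
        return patterns.stream().anyMatch(pattern -> this.antPathMatcher.match(pattern, uri));
    }

    /**
     * Reads the whole stream as UTF-8 text.
     *
     * <p>A read failure is propagated instead of being swallowed: a silently truncated body would
     * otherwise be fed into the signature check as if it were the complete request body.
     *
     * @param inputStream the request body stream
     * @return the decoded body, empty if the stream has no content
     * @throws IOException if reading the stream fails
     */
    private String getBody(InputStream inputStream) throws IOException {
        StringBuilder sb = new StringBuilder();
        // The reader is not closed here because closing it would close the request's stream.
        // NOTE(review): no size limit is applied at this point - confirm one is enforced upstream.
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
        char[] buffer = new char[1024];
        int read;
        while ((read = bufferedReader.read(buffer)) > 0) {
            sb.append(buffer, 0, read);
        }
        return sb.toString();
    }
}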
