package com.yonyou.iuap.generic.filter;

import com.yonyou.iuap.generic.utils.PropertiesUtils;
import com.yonyou.iuap.generic.verifier.DigestVerifier;
import com.yonyou.iuap.security.rest.api.Verifier;
import com.yonyou.iuap.security.rest.common.Credential;
import com.yonyou.iuap.security.rest.common.SignProp;
import com.yonyou.iuap.security.rest.exception.UAPSecurityException;
import com.yonyou.iuap.security.rest.factory.ServerVerifyFactory;
import com.yonyou.iuap.security.rest.rsa.server.RSAServerVerfier;
import com.yonyou.iuap.security.rest.utils.ClientCredentialGenerator;
import com.yonyou.iuap.security.rest.utils.PostParamsHelper;
import com.yonyou.iuap.security.rest.utils.SignPropGenerator;
import java.io.IOException;
import java.net.MalformedURLException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yonyou/iuap/generic/filter/SignAuthFilter.class */
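/**
 * Shiro access-control filter that authenticates inbound REST calls by verifying a
 * request signature.
 *
 * <p>The caller supplies {@code sign} and {@code appId} (read from the header first, then
 * from the request parameter of the same name) and optionally a millisecond timestamp in
 * the {@code ts} parameter. The signed material is the full request URL including the
 * query string plus, for POST, the request parameters and content length, as assembled by
 * {@link SignPropGenerator}. Verification is delegated to a {@link Verifier} selected by
 * the local property {@code UAP.AUTH.ALG} ({@code HMAC} or {@code RSA}).
 *
 * <p>{@link #isAccessAllowed} never grants access up front, so every request goes through
 * {@link #onAccessDenied}; any failure there writes an HTTP 400 and stops the chain.
 */
public class SignAuthFilter extends AccessControlFilter {
    /** Maximum accepted distance between the client {@code ts} and the server clock, in ms. */
    private static final long DEFAULT_EXPIRED = 300000;
    private static final Logger log = LoggerFactory.getLogger(SignAuthFilter.class);

    /** Header / parameter names carrying the signature, the caller identity and the timestamp. */
    private static final String SIGN_NAME = "sign";
    private static final String APP_ID_NAME = "appId";
    private static final String TS_NAME = "ts";

    // Generic rejection message, reproduced byte-for-byte from the legacy response.
    // NOTE: the header name contains spaces, which is not a valid HTTP field name; kept
    // for compatibility with whatever clients already parse it.
    private static final String REJECT_HEADER_NAME = "Send event message validate error";
    private static final String REJECT_HEADER_VALUE = " 400 , method not allowed, please check called paramaters !";
    private static final String REJECT_BODY = "Method not allowed, please check called paramaters !";

    // Process-wide configuration, expected to be set once at startup through the static
    // setters below. Kept public static (and unsynchronized) for existing callers.
    public static String prefix = null;
    public static String authFilePath = null;

    /**
     * Builds the server-side {@link Verifier} for a caller. The client credential is loaded
     * from {@link SignAuthFilter#authFilePath}, or from the customer property
     * {@code <prefix>.client.credential.path} when no explicit path is configured.
     */
    public class ServerVirifyFactory extends ServerVerifyFactory {
        ServerVirifyFactory() {
        }

        /**
         * Loads the client credential used to verify signatures.
         *
         * @param str the caller's appId; not used to select the credential, which comes from
         *     configuration only
         * @return the credential, or {@code null} when it cannot be loaded (the failure is logged)
         */
        protected Credential genCredential(String str) {
            try {
                String credentialPath = StringUtils.isNotEmpty(SignAuthFilter.authFilePath)
                        ? SignAuthFilter.authFilePath
                        : PropertiesUtils.getCustomerProperty(SignAuthFilter.prefix + ".client.credential.path");
                return ClientCredentialGenerator.loadCredential(credentialPath);
            } catch (UAPSecurityException e) {
                SignAuthFilter.log.error(e.getMessage(), e);
                return null;
            } catch (IOException e2) {
                // Log the cause as well: without it a missing or unreadable credential file
                // cannot be diagnosed from the log line alone.
                SignAuthFilter.log.error("Load properties failed, may client certificate doesn't exist!", e2);
                return null;
            }
        }

        /**
         * Creates the verifier matching the configured algorithm.
         *
         * @param str the caller's appId, forwarded to {@link #genCredential(String)}
         * @return an HMAC {@link DigestVerifier} or an {@link RSAServerVerfier}
         * @throws UAPSecurityException if {@code UAP.AUTH.ALG} is neither {@code HMAC} nor
         *     {@code RSA}, if reading the property fails, or if no credential could be loaded
         */
        public Verifier getVerifier(String str) throws UAPSecurityException {
            try {
                String localProperty = PropertiesUtils.getLocalProperty("UAP.AUTH.ALG");
                // equals() on the literal keeps a missing property (null) on the "no match" path.
                if ("HMAC".equals(localProperty)) {
                    return new DigestVerifier(requireCredential(str));
                }
                if ("RSA".equals(localProperty)) {
                    return new RSAServerVerfier(requireCredential(str));
                }
                throw new UAPSecurityException("签名算法" + localProperty + "不匹配!");
            } catch (IOException e) {
                SignAuthFilter.log.error("Load property AUTH_ALG failed, May properties doesn't exist!", e);
                throw new UAPSecurityException(e);
            }
        }

        /**
         * Loads the credential and refuses to build a verifier around a missing one, so a
         * configuration error surfaces as a clean verification failure rather than a
         * {@code NullPointerException} deeper in the verifier.
         */
        private Credential requireCredential(String appId) throws UAPSecurityException {
            Credential credential = genCredential(appId);
            if (credential == null) {
                throw new UAPSecurityException("Client credential could not be loaded; refusing to verify signature");
            }
            return credential;
        }
    }

    /** Sets the property prefix used to locate {@code <prefix>.client.credential.path}. */
    public static void setPrefix(String str) {
        prefix = str;
    }

    /** Sets an explicit credential file path, overriding the prefix-derived property. */
    public static void setAuthFilePath(String str) {
        authFilePath = str;
    }

    /**
     * Always {@code false}: access is only ever granted after the signature check in
     * {@link #onAccessDenied}.
     */
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        return false;
    }

    /**
     * Performs the signature check for every request.
     *
     * <p>Order of checks: presence of {@code sign} and {@code appId}, then the replay window on
     * {@code ts} (only when {@code ts} is numeric), then signature verification.
     *
     * @return {@code true} to continue the filter chain (signature verified); {@code false}
     *     after a 400 response has been written
     * @throws Exception if writing the response fails
     */
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (!(servletRequest instanceof HttpServletRequest)) {
            return false;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String sign = headerOrParameter(request, SIGN_NAME);
        String appId = headerOrParameter(request, APP_ID_NAME);
        if (sign == null || appId == null) {
            reject(servletResponse, REJECT_HEADER_NAME, REJECT_HEADER_VALUE, REJECT_BODY);
            return false;
        }
        if (!withinReplayWindow(request.getParameter(TS_NAME))) {
            reject(servletResponse, "send message validate error", " 400 ,请求超时", " over time");
            return false;
        }
        if (verifyRequestSignature(request)) {
            return true;
        }
        reject(servletResponse, REJECT_HEADER_NAME, REJECT_HEADER_VALUE, REJECT_BODY);
        return false;
    }

    /**
     * Reads {@code name} from the request headers, falling back to the request parameter of
     * the same name when the header is absent or empty.
     *
     * @return the header value, else the parameter value (which may be {@code null})
     */
    private static String headerOrParameter(HttpServletRequest request, String name) {
        String value = request.getHeader(name);
        return StringUtils.isEmpty(value) ? request.getParameter(name) : value;
    }

    /**
     * Checks the client timestamp against the server clock.
     *
     * <p>Kept from the original contract: a missing or non-numeric {@code ts} is not rejected
     * here and falls through to signature verification. NOTE(review): a signed request that
     * omits {@code ts} can therefore be replayed for as long as the credential is valid;
     * requiring the parameter would close that gap but changes the contract for callers.
     *
     * @param ts raw {@code ts} parameter (epoch milliseconds), may be {@code null}
     * @return {@code false} only when {@code ts} is numeric and outside {@link #DEFAULT_EXPIRED}
     */
    private static boolean withinReplayWindow(String ts) {
        if (!StringUtils.isNumeric(ts)) {
            return true;
        }
        long clientMillis;
        try {
            clientMillis = Long.parseLong(ts);
        } catch (NumberFormatException e) {
            // isNumeric() accepts digit strings longer than a long; treat those as expired
            // instead of letting the exception escape the filter as a server error.
            return false;
        }
        // abs(): a timestamp placed far in the future would otherwise pass the window forever.
        return Math.abs(System.currentTimeMillis() - clientMillis) <= DEFAULT_EXPIRED;
    }

    /**
     * Writes a 400 response with a diagnostic header and body. The cast is deferred to this
     * point so that a non-HTTP response only matters when a rejection is actually written.
     */
    private static void reject(ServletResponse servletResponse, String headerName, String headerValue, String body)
            throws IOException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        response.addHeader(headerName, headerValue);
        response.getWriter().write(body);
    }

    /**
     * Rebuilds the signed material from the request and verifies {@code sign} for {@code appId}.
     *
     * @return {@code true} when the signature verifies; {@code false} when either identifier is
     *     empty, the URL cannot be parsed, or the verifier reports an error (all logged)
     */
    private boolean verifyRequestSignature(HttpServletRequest request) {
        String sign = headerOrParameter(request, SIGN_NAME);
        String appId = headerOrParameter(request, APP_ID_NAME);
        if (StringUtils.isEmpty(sign) || StringUtils.isEmpty(appId)) {
            return false;
        }
        try {
            // The signed material is the URL as the container saw it. Behind a proxy that
            // rewrites scheme or host, client and server may sign different strings.
            String signedUrl = request.getRequestURL().toString();
            String query = request.getQueryString();
            if (StringUtils.isNotBlank(query)) {
                signedUrl = signedUrl + "?" + query;
            }
            SignProp signProp = SignPropGenerator.genSignProp(signedUrl);
            if (request.getMethod().endsWith("POST")) {
                signProp.setPostParamsStr(PostParamsHelper.genParamsStrByReqeust(request));
                signProp.setContentLength(request.getContentLength());
            }
            return new ServerVirifyFactory().getVerifier(appId).verify(sign, signProp);
        } catch (MalformedURLException e) {
            log.error(e.getMessage(), e);
            return false;
        } catch (UAPSecurityException e2) {
            log.error(e2.getMessage(), e2);
            return false;
        }
    }
}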
