package com.ard.security.filter.sign;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.ard.security.config.LoadSecurityConfig;
import com.ard.security.config.SafeConfig;
import com.ard.security.config.SafeConstant;
import com.ard.security.config.status.SecurityStatus;
import com.ard.security.domain.AjaxResult;
import com.ard.security.exception.SecurityAuthException;
import com.ard.security.utils.StringUtils;
import com.ard.security.utils.sign.SignCommon;
import com.ard.security.utils.sm3.SM3Digest;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:com/ard/security/filter/sign/DataVerificationFilter.class */
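/**
 * Servlet filter that checks a request-integrity signature on incoming POST requests.
 *
 * <p>While {@code SafeConfig.VER_SWITCH} is on, every POST whose servlet path is not a key of
 * {@code SafeConfig.DATA_INTEGRITY_WHITE_URLS} must carry two parameters:
 * {@code SafeConstant.SIGN_CF}, a one-time value used for replay detection, and
 * {@code SafeConstant.SIGN_YQ}, the client-computed SM3 digest. The filter recomputes the digest
 * from the remaining parameters and rejects the request when the two differ or when the one-time
 * value has been seen in the last 180 seconds.
 *
 * <p>Review notes for anyone relying on this filter as a control:
 * <ul>
 *   <li>Only POST is verified; GET, PUT, PATCH and DELETE pass through unchecked, so a handler
 *       that accepts more than one method is not protected on the others.</li>
 *   <li>Only {@code getParameterMap()} is covered. NOTE(review): request bodies the container
 *       does not expose as parameters (for example JSON payloads) are presumably not part of the
 *       signed data; confirm against the clients.</li>
 *   <li>Replay detection is skipped entirely when {@code SafeConfig.redisTemplate} is null.</li>
 *   <li>Whether a secret enters the digest depends on {@code SignCommon.replaceParam}, which is
 *       not visible here. If it does not, the digest is unkeyed and detects accidental or
 *       in-transit modification only, not a sender who recomputes it.</li>
 * </ul>
 */
public class DataVerificationFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(DataVerificationFilter.class);

    /** Creates a filter that relies on configuration already loaded elsewhere. */
    public DataVerificationFilter() {
    }

    /**
     * Creates a filter and loads its settings from the given map.
     *
     * @param map settings keyed by {@code SafeConstant.PROJECT_CODE},
     *            {@code SafeConstant.DATA_VER_SWITCH} and {@code SafeConstant.DATA_URLS_STR}
     */
    public DataVerificationFilter(Map<String, Object> map) {
        if (map.containsKey(SafeConstant.PROJECT_CODE)) {
            LoadSecurityConfig.loadProjectKey(String.valueOf(map.get(SafeConstant.PROJECT_CODE)));
        }
        // String.valueOf(null) is the text "null": a missing switch therefore parses to false
        // (verification off), and a missing URL string is handed on as the literal "null".
        boolean verificationEnabled = Boolean.parseBoolean(String.valueOf(map.get(SafeConstant.DATA_VER_SWITCH)));
        String urlsConfig = String.valueOf(map.get(SafeConstant.DATA_URLS_STR));
        LoadSecurityConfig.loadDataVeriConf(verificationEnabled, urlsConfig);
    }

    /**
     * Resolves the Spring web application context and lets {@code LoadSecurityConfig} pick up
     * its Redis and database security beans from it.
     */
    @Override
    public void init(FilterConfig filterConfig) {
        log.info(" * * * * * * * * * * * * * * * * 初始化验签过滤器 * * * * * * * * * * * * * * * * ");
        WebApplicationContext webApplicationContext = WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext());
        LoadSecurityConfig.loadRedis(webApplicationContext);
        LoadSecurityConfig.loadDBSecurityConfigBean(webApplicationContext);
    }

    /**
     * Verifies the request signature for non-exempt POST requests, then continues the chain.
     *
     * <p>A {@link SecurityAuthException} raised by the verification, or by anything further
     * down the chain, is turned into a JSON error body by {@link #outWriter}.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String servletPath = httpServletRequest.getServletPath();
        boolean isPost = "POST".equalsIgnoreCase(httpServletRequest.getMethod());
        // The exemption is an exact-key lookup on getServletPath(), which excludes path info.
        // NOTE(review): confirm the servlet mapping makes this the full handler path, otherwise
        // one exempt entry covers every handler below that mapping.
        if (!isPost || !SafeConfig.VER_SWITCH || SafeConfig.DATA_INTEGRITY_WHITE_URLS.containsKey(servletPath)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            dataIntegrityVerification(httpServletRequest);
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (SecurityAuthException e) {
            outWriter((HttpServletResponse) servletResponse, e);
        }
    }

    /** Logs that the filter is being taken out of service. */
    @Override
    public void destroy() {
        log.info("= = = = = = = = = = = = = = = 销毁验签过滤器 = = = = = = = = = = = = = = ");
    }

    /**
     * Checks the request's signature parameters and registers its one-time value.
     *
     * @param httpServletRequest the request whose parameters are verified
     * @throws SecurityAuthException with {@code CODE_10003} when the request has no parameters,
     *         {@code CODE_10008} when {@code SIGN_CF} or {@code SIGN_YQ} is missing or empty,
     *         {@code CODE_10005} when the digest cannot be computed, {@code CODE_10004} when the
     *         digests differ, and {@code CODE_10007} when the one-time value was already used
     */
    public void dataIntegrityVerification(HttpServletRequest httpServletRequest) {
        Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
        // '||', not '&&': the original condition dereferenced a null map and never matched an
        // empty one.
        if (parameterMap == null || parameterMap.isEmpty()) {
            throw new SecurityAuthException(httpServletRequest, SecurityStatus.CODE_10003);
        }
        String nonce = firstOrNull(parameterMap.get(SafeConstant.SIGN_CF));
        if (nonce == null || StringUtils.isEmpty(nonce)) {
            throw new SecurityAuthException(httpServletRequest, SecurityStatus.CODE_10008);
        }
        String clientDigest = firstOrNull(parameterMap.get(SafeConstant.SIGN_YQ));
        if (clientDigest == null || StringUtils.isEmpty(clientDigest)) {
            throw new SecurityAuthException(httpServletRequest, SecurityStatus.CODE_10008);
        }

        String signData = generateSignData(nonce, JSON.toJSONString(parameterMap));
        String serverDigest;
        try {
            serverDigest = SM3Digest.sm3Digest(signData);
        } catch (Exception e) {
            log.warn("当前请求路径：{}，验签摘要计算失败", httpServletRequest.getServletPath(), e);
            throw new SecurityAuthException(httpServletRequest, SecurityStatus.CODE_10005);
        }
        // The comparison sits outside the try block: SecurityAuthException is unchecked, so the
        // broad catch used to swallow the mismatch status and report CODE_10005 instead.
        if (!digestsMatch(clientDigest, serverDigest)) {
            // Only the path is logged. Request parameters, the signing input and the expected
            // digest are kept out of the log: they can carry credentials or personal data, and
            // the expected digest is exactly what a forged request would need.
            log.warn("当前请求路径：{}，验签失败", httpServletRequest.getServletPath());
            throw new SecurityAuthException(httpServletRequest, SecurityStatus.CODE_10004);
        }
        // The one-time value is recorded only after the digest matched, so requests that fail
        // verification can neither consume values nor create keys in Redis.
        verificationRequest(httpServletRequest, nonce);
    }

    /** Returns the first element of a parameter value array, or null when there is none. */
    private static String firstOrNull(String[] values) {
        return (values == null || values.length == 0) ? null : values[0];
    }

    /**
     * Compares two digest strings case-insensitively without stopping at the first differing
     * byte, so the time taken does not reveal how long the matching prefix is.
     */
    private static boolean digestsMatch(String provided, String computed) {
        if (provided == null || computed == null) {
            return false;
        }
        byte[] providedBytes = provided.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] computedBytes = computed.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(providedBytes, computedBytes);
    }

    /**
     * Builds the string that is digested: the parameter JSON without {@code SIGN_YQ},
     * re-serialized with sorted map fields and passed through {@code SignCommon.replaceParam}.
     *
     * @param str  the one-time value taken from {@code SIGN_CF}
     * @param str2 the request parameter map serialized as JSON
     */
    private String generateSignData(String str, String str2) {
        // NOTE(review): the text parsed here is built from client-controlled parameter names and
        // values; confirm the deployed fastjson version and its autoType/safeMode settings.
        JSONObject parameters = JSONObject.parseObject(str2);
        parameters.remove(SafeConstant.SIGN_YQ);
        String sortedJson = JSON.toJSONString(parameters, new SerializerFeature[]{SerializerFeature.MapSortField});
        return SignCommon.replaceParam(str, sortedJson);
    }

    /**
     * Rejects a one-time value that is already stored in Redis, otherwise stores it for 180
     * seconds. Does nothing when no Redis template is configured.
     *
     * <p>NOTE(review): the lookup and the write are two separate calls, so two concurrent
     * requests with the same value can both pass; an atomic set-if-absent would close that gap.
     * The key is the raw client-supplied value with no namespace prefix, so it shares the key
     * space with whatever else uses this Redis instance. After the 180 seconds a value is
     * accepted again unless the signed data also carries a timestamp that is checked elsewhere.
     *
     * @throws SecurityAuthException with {@code CODE_10007} when the value is already present
     */
    public void verificationRequest(HttpServletRequest httpServletRequest, String str) {
        if (SafeConfig.redisTemplate == null) {
            return;
        }
        if (SafeConfig.redisTemplate.hasKey(str).booleanValue()) {
            log.error("{} ：已存在！", str);
            throw new SecurityAuthException(httpServletRequest, SecurityStatus.CODE_10007);
        }
        SafeConfig.redisTemplate.opsForValue().set(str, (Object) null, 180L, TimeUnit.SECONDS);
    }

    /**
     * Writes the status code and message of the given exception to the response as JSON.
     *
     * @throws IOException when the response cannot be written
     */
    public void outWriter(HttpServletResponse httpServletResponse, SecurityAuthException securityAuthException) throws IOException {
        httpServletResponse.setContentType("text/json; charset=UTF-8");
        int code = securityAuthException.getSecurityStatus().getCode().intValue();
        String body = JSON.toJSONString(AjaxResult.error(code, securityAuthException.getSecurityStatus().getMsg()));
        httpServletResponse.getWriter().write(body);
        httpServletResponse.flushBuffer();
    }
}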
