package com.ohaotian.plugin.service;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.ohaotian.abilitycommon.api.AppApi;
import com.ohaotian.abilitycommon.config.zookeeper.NodeInfoConfig;
import com.ohaotian.abilitycommon.exception.AbilityException;
import com.ohaotian.abilitycommon.model.bo.AbilityPluginBO;
import com.ohaotian.abilitycommon.model.bo.AppBO;
import com.ohaotian.abilitycommon.model.bo.AppSecretBO;
import com.ohaotian.abilitycommon.model.bo.CodeMsg;
import com.ohaotian.abilitycommon.model.bo.system.MsgContext;
import com.ohaotian.abilitycommon.plugin.PluginA;
import com.ohaotian.plugin.config.JwtConfig;
import com.ohaotian.plugin.mapper.AbilityPluginJwtMapper;
import com.ohaotian.plugin.model.po.AbilityPluginJwtPO;
import com.ohaotian.plugin.util.MD5TokenUtil;
import com.ohaotian.plugin.util.RSAUtils;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import javax.annotation.Resource;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.stereotype.Service;

@Service("tokenPluginService")
/* loaded from: input_file:com/ohaotian/plugin/service/TokenPluginService.class */
public class TokenPluginService implements PluginA {
    private static final Logger log = LogManager.getLogger(TokenPluginService.class);

    @Resource
    NodeInfoConfig nodeInfoConfig;

    @Resource
    AbilityPluginJwtMapper abilityPluginJwtMapper;

    @Resource
    AppApi appApi;

    @Resource
    JwtConfig jwtConfig;

    public void doService(MsgContext msgContext) throws AbilityException {
        try {
            AbilityPluginBO abilityPluginBO = (AbilityPluginBO) msgContext.getEsbAbility().getAbilityPluginBOList().stream().filter(abilityPluginBO2 -> {
                return "token".equalsIgnoreCase(abilityPluginBO2.getPluginType());
            }).findAny().orElse(null);
            if (Objects.isNull(abilityPluginBO)) {
                log.debug("token校验插件-未订购");
                return;
            }
            AppBO app = msgContext.getSelfDefHeader().getApp();
            if (app != null) {
                AbilityPluginJwtPO abilityPluginJwtPO = new AbilityPluginJwtPO();
                abilityPluginJwtPO.setAbilityPluginId(abilityPluginBO.getAbilityPluginId());
                AbilityPluginJwtPO queryLimitOne = this.abilityPluginJwtMapper.queryLimitOne(abilityPluginJwtPO);
                Integer appCodeSource = msgContext.getEsbAbility().getAppCodeSource();
                if (appCodeSource.intValue() != 2) {
                    Map headersMap = msgContext.getTlogReqHeader().getHeadersMap();
                    String str = (String) headersMap.get("transId");
                    String str2 = (String) headersMap.get("timestamp");
                    String str3 = (String) headersMap.get("token");
                    String appCode = appCodeSource.intValue() == 0 ? app.getAppCode() : String.valueOf(json2Map(new String(msgContext.getTlogReqHeader().getReqData(), StandardCharsets.UTF_8)).get("appcode"));
                    if (this.jwtConfig.getTimestampEffect().booleanValue() && Math.abs(System.currentTimeMillis() - Long.parseLong(str2)) > this.jwtConfig.getValidTime().longValue()) {
                        log.debug("Token校验未通过-token已失效");
                        throw new AbilityException(CodeMsg.E_PLUGIN_ERROR.fillArgs(new Object[]{":TokenPluginService >>> Token校验未通过"}));
                    }
                    AppSecretBO selectByAppIdandClusterId = this.appApi.selectByAppIdandClusterId(app.getAppId(), this.nodeInfoConfig.getClusterId());
                    TreeMap treeMap = new TreeMap();
                    treeMap.put("appCode", appCode);
                    treeMap.put("transId", str);
                    treeMap.put("timestamp", str2);
                    treeMap.put("appSecret", selectByAppIdandClusterId.getAppSecret());
                    if (queryLimitOne.getEnhancedValidation().intValue() == 1) {
                        if (RSAUtils.verifySign(str3, treeMap, selectByAppIdandClusterId.getPublicSecrets())) {
                            log.debug("Token增强校验通过-token合法");
                            return;
                        } else {
                            log.debug("Token增强校验未通过-token不合法");
                            throw new AbilityException(CodeMsg.E_PLUGIN_ERROR.fillArgs(new Object[]{":TokenPluginService >>> Token校验未通过"}));
                        }
                    }
                    if (MD5TokenUtil.verifySign(str3, treeMap)) {
                        log.debug("Token校验通过-token合法");
                    } else {
                        log.debug("Token校验未通过-token不合法");
                        throw new AbilityException(CodeMsg.E_PLUGIN_ERROR.fillArgs(new Object[]{":TokenPluginService >>> Token校验未通过"}));
                    }
                }
            }
        } catch (AbilityException e) {
            log.error(e.codeMsg.getRspDesc());
            throw e;
        } catch (Exception e2) {
            log.error("Token校验未通过-Token校验异常:{}", e2);
            throw new AbilityException(CodeMsg.E_PLUGIN_ERROR.fillArgs(new Object[]{":TokenPluginService >>> Token校验未通过" + e2.getMessage()}));
        }
    }

    private Map json2Map(String str) throws IOException {
        return (Map) new ObjectMapper().readValue(str, Map.class);
    }
}
