package com.openapi.server.filter;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.google.common.net.HttpHeaders;
import com.openapi.interfaces.constants.RequestSystemParams;
import com.openapi.interfaces.dto.OpenApiAppTenantDto;
import com.openapi.interfaces.utils.MyRequestWrapper;
import com.openapi.interfaces.utils.SignUtils;
import com.openapi.server.dao.mapper.OpenApiSignMapper;
import com.openapi.server.intecepter.AdminInterceptor;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

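/**
 * Servlet filter that decides whether a request may reach the application.
 *
 * <p>Requests are admitted in this order:
 * <ol>
 *   <li>the request URI matches one of {@link #ALLOWED_PATHS} (no further checks);</li>
 *   <li>the configured IP allowlist contains {@code 0.0.0.0} or the resolved client IP
 *       (no signature check);</li>
 *   <li>otherwise the request must pass {@link #signCheck(MyRequestWrapper)}; on failure it is
 *       forwarded to {@code /attestation/error}.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Steps 1 and 2 skip signature verification entirely, so both lists are part of the
 *       authentication boundary and should be kept as small as possible.</li>
 *   <li>The client IP used in step 2 comes from {@link #getRemortIP(HttpServletRequest)}, which
 *       prefers forwarding headers; see the note on that method.</li>
 *   <li>Path matching is done on the raw value of {@code getRequestURI()}.
 *       NOTE(review): confirm this agrees with the path the dispatcher finally routes on
 *       (context path, encoding, path parameters).</li>
 *   <li>NOTE(review): servlet url-patterns normally use {@code "/*"}, not the Ant-style
 *       {@code "/**"}; the class is also a {@code @Component}, so the effective mapping depends
 *       on how the application registers filters — confirm.</li>
 * </ul>
 */
@WebFilter(filterName = "request", urlPatterns = {"/**"})
@Component
/* loaded from: input_file:BOOT-INF/classes/com/openapi/server/filter/RequestFilter.class */
public class RequestFilter implements Filter {
    /**
     * Accepted distance, in milliseconds, between the client timestamp and the server clock.
     * 1_800_000_000 ms is roughly 20.8 days.
     * NOTE(review): if a 30-minute window was intended the value would be 1_800_000 — confirm
     * with the API contract before changing it.
     */
    private static final long MAX_TIMESTAMP_SKEW_MILLIS = 1800000000L;

    /** Shared matcher for {@link #ALLOWED_PATHS}; created once instead of once per request. */
    private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();

    // NOTE(review): the logger is created for AdminInterceptor, so this filter's log lines are
    // emitted under that class's category. Left unchanged in case log routing depends on it.
    Logger logger = LoggerFactory.getLogger((Class<?>) AdminInterceptor.class);

    @Autowired
    private OpenApiSignMapper openApiSignMapper;

    // Comma-separated list from the "whiteIp.list" property; null when the property is empty.
    @Value("#{'${whiteIp.list:}'.empty ? null : '${whiteIp.list:}'.split(',')}")
    private List<String> ipWhiteList;

    /** Ant-style path patterns that are admitted without IP or signature checks. */
    private static final Set<String> ALLOWED_PATHS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
            "/request/record/**",
            "/api/health_check",
            "/v1.0.0/benefit/add",
            "/v1.0.0/benefit/activate",
            "/goods/batchGoodsOnline",
            "/goods/batchGoodsOffline")));

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialise.
    }

    /**
     * Applies the path allowlist, the IP allowlist and finally the signature check.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse response passed on unchanged
     * @param filterChain     remaining filter chain
     * @throws IOException      propagated from the chain or the forward
     * @throws ServletException propagated from the chain or the forward
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String requestURI = httpServletRequest.getRequestURI();
        String remortIP = getRemortIP(httpServletRequest);
        this.logger.info("realIP：{}", remortIP);

        if (allowAccess(requestURI)) {
            this.logger.info("白名单请求：{}", requestURI);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        if (null != this.ipWhiteList && !this.ipWhiteList.isEmpty()) {
            // "0.0.0.0" in the configured list acts as a wildcard: every caller skips the
            // signature check. It should never be present in a production configuration.
            if (this.ipWhiteList.contains("0.0.0.0")) {
                this.logger.info("0.0.0.0 ip白名单，放行：{}", remortIP);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            if (this.ipWhiteList.contains(remortIP)) {
                this.logger.info("ip白名单，放行：{}", remortIP);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
        }

        // The wrapper exposes the body via getBody() and is what the rest of the chain receives.
        MyRequestWrapper myRequestWrapper = new MyRequestWrapper(httpServletRequest);
        if (!signCheck(myRequestWrapper).booleanValue()) {
            myRequestWrapper.getRequestDispatcher("/attestation/error").forward(myRequestWrapper, servletResponse);
            return;
        }
        filterChain.doFilter(myRequestWrapper, servletResponse);
    }

    /**
     * Collects the signing parameters from the request headers and body and verifies them.
     *
     * <p>A JSON object body contributes its top-level entries; a JSON array body is added as a
     * single {@code "body"} entry; any other body is rejected. Header values are written after
     * the body entries, so a body key can never override a signing header.
     *
     * <p>Every request that reaches this method is verified. A shortcut that accepted the literal
     * value {@code "1"} for both the timestamp and the sign header bypassed verification and is
     * intentionally not reproduced here; test tooling must send a properly signed request.
     *
     * <p>Secrets (the {@code appSecret} header and the signature) are deliberately kept out of
     * the log output.
     *
     * <p>NOTE(review): the body is untrusted input parsed with fastjson. Confirm the deployed
     * fastjson version is patched and that autoType is disabled or safeMode is enabled.
     *
     * @param myRequestWrapper wrapped request giving access to headers and the body
     * @return {@code true} only when {@link #checkToken(Map)} accepts the parameters
     */
    private Boolean signCheck(MyRequestWrapper myRequestWrapper) {
        String timestamp = myRequestWrapper.getHeader(RequestSystemParams.TIMESTAMP);
        String appId = myRequestWrapper.getHeader(RequestSystemParams.APP_ID);
        String sign = myRequestWrapper.getHeader(RequestSystemParams.SIGN);
        String mchId = myRequestWrapper.getHeader(RequestSystemParams.MCH_ID);
        String appSecret = myRequestWrapper.getHeader("appSecret");
        String body = myRequestWrapper.getBody();
        if (StringUtils.isBlank(timestamp) || StringUtils.isBlank(sign)) {
            return false;
        }

        Map<String, Object> params;
        try {
            Object parsed = JSONObject.parse(body);
            if (parsed instanceof JSONObject) {
                @SuppressWarnings("unchecked") // fastjson returns a raw HashMap keyed by JSON member name
                Map<String, Object> fromBody = JSON.parseObject(body, HashMap.class);
                params = fromBody;
            } else if (parsed instanceof JSONArray) {
                params = new HashMap<>();
                params.put("body", body);
            } else {
                this.logger.info("不正确的类型");
                return false;
            }
        } catch (RuntimeException e) {
            // fastjson reports malformed input with an unchecked exception; treat it as a failed
            // check instead of letting it surface as a server error. Only the exception type is
            // logged because the message may echo request content.
            this.logger.warn("request body could not be parsed: {}", e.getClass().getName());
            return false;
        }

        params.put(RequestSystemParams.TIMESTAMP, timestamp);
        params.put(RequestSystemParams.APP_ID, appId);
        params.put(RequestSystemParams.SIGN, sign);
        params.put(RequestSystemParams.MCH_ID, mchId);
        params.put("appSecret", appSecret);
        this.logger.info("reqMap keys>>>>>>>>>>>>>>>>{}", params.keySet());

        Boolean checkToken = checkToken(params);
        if (checkToken.booleanValue()) {
            this.logger.info("验签成功 timeStamp,appId,tenantId>>>>>>>>>>>>>>{},{},{}", timestamp, appId, mchId);
        }
        return checkToken;
    }

    /**
     * Verifies the signing parameters: all five values must be present, the app/tenant/secret
     * triple must resolve to a record, the timestamp must be numeric and within
     * {@link #MAX_TIMESTAMP_SKEW_MILLIS} of the server clock in either direction, and
     * {@code SignUtils.checkSign} must accept the signature.
     *
     * @param map signing parameters assembled by {@link #signCheck(MyRequestWrapper)}
     * @return {@code true} when every check passes, {@code false} otherwise
     */
    private Boolean checkToken(Map<String, Object> map) {
        String timestamp = (String) map.get(RequestSystemParams.TIMESTAMP);
        String appId = (String) map.get(RequestSystemParams.APP_ID);
        String sign = (String) map.get(RequestSystemParams.SIGN);
        String mchId = (String) map.get(RequestSystemParams.MCH_ID);
        String appSecret = (String) map.get("appSecret");
        if (StringUtils.isAnyBlank(timestamp, appId, sign, mchId, appSecret)) {
            // Report which secret-bearing fields are missing without writing their values.
            this.logger.error("timeStamp,appId,tenantId>>>>>>>>>>>>>>{},{},{} signPresent={} appSecretPresent={}",
                    timestamp, appId, mchId, StringUtils.isNotBlank(sign), StringUtils.isNotBlank(appSecret));
            return false;
        }

        OpenApiAppTenantDto openApiAppTenant = this.openApiSignMapper.getOpenApiAppTenant(appId, mchId, appSecret);
        if (null == openApiAppTenant) {
            return false;
        }
        // The DTO carries the sign key, so it is not logged as a whole.
        this.logger.info("openApiAppTenant found, appId={}, tenantId={}", appId, mchId);
        String signKey = openApiAppTenant.getSignKey();

        long requestMillis;
        try {
            requestMillis = Long.parseLong(timestamp);
        } catch (NumberFormatException e) {
            this.logger.error("timeStamp is not a number: {}", timestamp);
            return false;
        }

        long currentTimeMillis = System.currentTimeMillis();
        // Compare against both bounds: a plain "now - ts <= window" test also accepts timestamps
        // arbitrarily far in the future and can overflow for extreme values.
        boolean withinWindow = requestMillis >= currentTimeMillis - MAX_TIMESTAMP_SKEW_MILLIS
                && requestMillis <= currentTimeMillis + MAX_TIMESTAMP_SKEW_MILLIS;
        if (withinWindow) {
            return Boolean.valueOf(SignUtils.checkSign(signKey, map));
        }
        this.logger.error("时间戳已过期[{}][{}][{}]", currentTimeMillis, requestMillis, currentTimeMillis - requestMillis);
        return false;
    }

    /**
     * Tells whether the request URI matches any pattern in {@link #ALLOWED_PATHS}.
     *
     * @param str request URI as returned by {@code getRequestURI()}
     * @return {@code true} when at least one pattern matches
     */
    private boolean allowAccess(String str) {
        for (String pattern : ALLOWED_PATHS) {
            if (PATH_MATCHER.match(pattern, str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the client IP address from forwarding headers, falling back to the socket address.
     *
     * <p>Order: first entry of {@code X-Forwarded-For}, then {@code X-Real-IP}, then
     * {@code Proxy-Client-IP}, {@code WL-Proxy-Client-IP}, {@code HTTP_CLIENT_IP},
     * {@code HTTP_X_FORWARDED_FOR}, and finally {@code getRemoteAddr()}.
     *
     * <p>Security note: every header consulted here is supplied by the sender unless a trusted
     * reverse proxy removes or overwrites it. {@code doFilter} uses the result to skip signature
     * verification, so this service must only be reachable through a proxy that sets these
     * headers itself and strips inbound copies; otherwise the IP allowlist offers no protection.
     * Where that cannot be guaranteed, base the allowlist on {@code getRemoteAddr()} or on a
     * configured list of trusted proxies.
     *
     * @param httpServletRequest current request
     * @return the resolved address; may be blank or {@code null} if nothing usable is available
     */
    public String getRemortIP(HttpServletRequest httpServletRequest) {
        String realIp = httpServletRequest.getHeader("X-Real-IP");
        String forwardedFor = httpServletRequest.getHeader(HttpHeaders.X_FORWARDED_FOR);
        if (StringUtils.isNotEmpty(forwardedFor) && !"unKnown".equalsIgnoreCase(forwardedFor)) {
            // Only the first entry of the comma-separated list is used.
            int comma = forwardedFor.indexOf(",");
            return comma != -1 ? forwardedFor.substring(0, comma) : forwardedFor;
        }

        String candidate = realIp;
        if (StringUtils.isNotEmpty(candidate) && !"unKnown".equalsIgnoreCase(candidate)) {
            return candidate;
        }

        String[] fallbackHeaders = {"Proxy-Client-IP", "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR"};
        for (String headerName : fallbackHeaders) {
            if (StringUtils.isBlank(candidate) || "unknown".equalsIgnoreCase(candidate)) {
                candidate = httpServletRequest.getHeader(headerName);
            }
        }
        if (StringUtils.isBlank(candidate) || "unknown".equalsIgnoreCase(candidate)) {
            candidate = httpServletRequest.getRemoteAddr();
        }
        return candidate;
    }
}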
