package cn.hiboot.mcn.autoconfigure.web.filter.integrity;

import cn.hiboot.mcn.autoconfigure.web.filter.common.JsonRequestHelper;
import cn.hiboot.mcn.autoconfigure.web.filter.common.RequestMatcher;
import cn.hiboot.mcn.autoconfigure.web.filter.common.servlet.RequestPayloadRequestWrapper;
import cn.hiboot.mcn.autoconfigure.web.mvc.WebUtils;
import cn.hiboot.mcn.core.util.McnUtils;
import cn.hutool.core.util.StrUtil;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.Part;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;

/* loaded from: input_file:cn/hiboot/mcn/autoconfigure/web/filter/integrity/DataIntegrityFilter.class */
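/**
 * Servlet filter that verifies a request signature before the request reaches the application.
 *
 * <p>For requests selected by the configured include/exclude patterns, the filter reads the
 * {@code TSM} (or {@code timestamp}), {@code nonceStr} and {@code signature} headers, recomputes
 * the signature through {@link DataIntegrityUtils} from the timestamp, nonce, request parameters,
 * optional upload digest and JSON payload, and rejects the request when the two differ.
 *
 * <p>NOTE(review): the nonce is only fed into the signature; no nonce store is visible in this
 * class, so a captured request can presumably be replayed until its timestamp leaves the
 * freshness window. Confirm whether replay tracking happens elsewhere.
 */
public class DataIntegrityFilter implements Filter, Ordered {
    private static final Logger log = LoggerFactory.getLogger(DataIntegrityFilter.class);
    private final DataIntegrityProperties dataIntegrityProperties;
    private final RequestMatcher requestMatcher;

    /**
     * Creates the filter and builds the request matcher from the configured patterns.
     *
     * @param dataIntegrityProperties settings for path patterns, replay check, upload check and order
     */
    public DataIntegrityFilter(DataIntegrityProperties dataIntegrityProperties) {
        this.dataIntegrityProperties = dataIntegrityProperties;
        this.requestMatcher = new RequestMatcher(dataIntegrityProperties.getIncludePatterns(), dataIntegrityProperties.getExcludePatterns()).enableDefaultExclude();
    }

    /**
     * Validates timestamp and signature of matching requests and passes valid ones down the chain.
     *
     * <p>Requests that do not match the configured patterns are forwarded unchecked. A failed
     * check is reported through {@code WebUtils.failed} and the chain is not invoked.
     *
     * @param servletRequest  the incoming request; expected to be an {@link HttpServletRequest}
     * @param servletResponse the response used to report a failed check
     * @param filterChain     the remaining filter chain
     * @throws IOException      if reading the request or a downstream filter fails
     * @throws ServletException if a downstream filter fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        if (!this.requestMatcher.matches(request)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // "TSM" takes precedence; "timestamp" is the fallback header name.
        String timestamp = request.getHeader("TSM");
        if (timestamp == null) {
            timestamp = request.getHeader("timestamp");
        }
        String nonce = request.getHeader("nonceStr");
        String signature = request.getHeader("signature");

        if (StrUtil.isEmpty(timestamp)) {
            WebUtils.failed("验证失败,无效的时间戳", (HttpServletResponse) servletResponse);
            return;
        }
        if (this.dataIntegrityProperties.isCheckReplay()) {
            long sentAt;
            try {
                sentAt = Long.parseLong(timestamp);
            } catch (NumberFormatException e) {
                // The header is client-controlled: a non-numeric value is an invalid timestamp,
                // not a server error.
                WebUtils.failed("验证失败,无效的时间戳", (HttpServletResponse) servletResponse);
                return;
            }
            long timeoutMillis = this.dataIntegrityProperties.getTimeout().toMillis();
            long age = System.currentTimeMillis() - sentAt;
            // Two-sided window: a timestamp ahead of the server clock by more than the timeout is
            // rejected as well, otherwise a far-future timestamp would never expire.
            if (age > timeoutMillis || age < -timeoutMillis) {
                WebUtils.failed("验证失败,时间戳过期", (HttpServletResponse) servletResponse);
                return;
            }
        }

        String payload = null;
        if (JsonRequestHelper.isJsonRequest(request)) {
            // The wrapper captures the body so it can be signed here and, when non-empty,
            // handed to the rest of the chain in place of the original request.
            RequestPayloadRequestWrapper wrapped = new RequestPayloadRequestWrapper(request);
            payload = wrapped.getPayload();
            if (!payload.isEmpty()) {
                servletRequest = wrapped;
            }
        }

        if (isInValid(signature, timestamp, nonce, request, payload)) {
            WebUtils.failed("验证失败,数据被篡改", (HttpServletResponse) servletResponse);
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Recomputes the request signature and compares it with the one the client sent.
     *
     * @param signature the value of the {@code signature} header
     * @param timestamp the timestamp header value
     * @param nonce     the {@code nonceStr} header value
     * @param request   the request whose parameters (and optionally uploads) are signed
     * @param payload   the JSON body, or {@code null} for non-JSON requests
     * @return {@code true} when the signature is missing or does not match
     */
    private boolean isInValid(String signature, String timestamp, String nonce, HttpServletRequest request, String payload) {
        if (StrUtil.isEmpty(signature)) {
            return true;
        }

        // Raw type kept: the map type expected by DataIntegrityUtils.signature is not visible here.
        HashMap params = new HashMap();
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            String[] values = request.getParameterValues(name);
            // Only the LAST value of a repeated parameter is signed, whereas
            // ServletRequest.getParameter() returns the FIRST one.
            // NOTE(review): for a repeated name, values other than the last are not covered by
            // the signature; consider rejecting duplicates or signing every value (this needs a
            // matching change on the signing side).
            params.put(name, values[values.length - 1]);
        }

        String fileInfo = null;
        String contentType = request.getContentType();
        if (contentType != null && contentType.contains("multipart/form-data") && this.dataIntegrityProperties.isCheckUpload()) {
            fileInfo = parseUpload(request);
        }

        String expected = DataIntegrityUtils.signature(timestamp, nonce, params, fileInfo, payload);
        // Constant-time comparison so the check does not reveal how many leading characters of a
        // guessed signature were correct.
        if (expected != null && MessageDigest.isEqual(signature.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8))) {
            return false;
        }

        // Deliberately log metadata only: the expected signature, raw parameters and payload
        // would put a valid signature and possibly credentials or personal data into the logs.
        log.error("signature mismatch: uri = {}, paramCount = {}, payloadLength = {}, hasFileInfo = {}",
                request.getRequestURI(), params.size(), payload == null ? 0 : payload.length(), fileInfo != null);
        return true;
    }

    /**
     * Returns the filter order taken from the configuration properties.
     *
     * @return the configured order value
     */
    @Override
    public int getOrder() {
        return this.dataIntegrityProperties.getOrder();
    }

    /**
     * Builds the upload part of the signature input: one digest per multipart part, joined by
     * {@code &}.
     *
     * <p>This is best-effort, as before: if reading the parts fails, the digests collected so far
     * (possibly none) are returned. The failure is now logged instead of being dropped silently,
     * and {@link Error}s such as {@link OutOfMemoryError} are no longer swallowed.
     *
     * <p>NOTE(review): every part is copied into a byte array before hashing, so upload size
     * limits should be enforced by the container. Judging by its name, {@code md5UploadFile} is
     * MD5-based; confirm whether a collision-resistant digest is required here.
     *
     * @param httpServletRequest the multipart request
     * @return the joined part digests, or an empty string when there are none
     */
    private String parseUpload(HttpServletRequest httpServletRequest) {
        StringBuilder digests = new StringBuilder();
        try {
            for (Part part : httpServletRequest.getParts()) {
                // Close the part stream even if the copy helper does not; a second close is harmless.
                try (var in = part.getInputStream()) {
                    digests.append(DataIntegrityUtils.md5UploadFile(McnUtils.copyToByteArray(in), part.getSubmittedFileName())).append("&");
                }
            }
        } catch (Exception e) {
            log.warn("Failed to digest multipart upload; signature check continues with the parts read so far", e);
        }
        if (digests.isEmpty()) {
            return digests.toString();
        }
        // Drop the trailing separator.
        return digests.substring(0, digests.length() - 1);
    }
}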
