package org.shoulder.crypto.negotiation.support;

import java.io.IOException;
import java.lang.reflect.Type;
import java.net.URI;
import java.util.LinkedList;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.shoulder.core.log.Logger;
import org.shoulder.core.log.LoggerFactory;
import org.shoulder.crypto.asymmetric.exception.AsymmetricCryptoException;
import org.shoulder.crypto.negotiation.cache.NegotiationResultCache;
import org.shoulder.crypto.negotiation.cache.TransportCipherHolder;
import org.shoulder.crypto.negotiation.cipher.DefaultTransportCipher;
import org.shoulder.crypto.negotiation.constant.NegotiationConstants;
import org.shoulder.crypto.negotiation.dto.NegotiationResult;
import org.shoulder.crypto.negotiation.exception.NegotiationException;
import org.shoulder.crypto.negotiation.support.service.TransportNegotiationService;
import org.shoulder.crypto.negotiation.util.TransportCryptoUtil;
import org.shoulder.crypto.symmetric.exception.SymmetricCryptoException;
import org.shoulder.http.AppIdExtractor;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.util.CollectionUtils;
import org.springframework.web.client.RequestCallback;
import org.springframework.web.client.ResponseExtractor;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/shoulder/crypto/negotiation/support/SecurityRestTemplate.class */
public class SecurityRestTemplate extends RestTemplate {
    private static final Logger log = LoggerFactory.getLogger(SecurityRestTemplate.class);
    private static final ThreadLocal<URI> URI_LOCAL = new ThreadLocal<>();
    private final TransportNegotiationService transportNegotiationService;
    private final TransportCryptoUtil cryptoUtil;
    private final NegotiationResultCache negotiationResultCache;
    private final AppIdExtractor appIdExtractor;

    /* loaded from: input_file:org/shoulder/crypto/negotiation/support/SecurityRestTemplate$EnsureNegotiatedRequestCallback.class */
    private static class EnsureNegotiatedRequestCallback implements RequestCallback {
        private final TransportNegotiationService transportNegotiationService;
        private final TransportCryptoUtil cryptoUtil;
        private RequestCallback delegate;

        public EnsureNegotiatedRequestCallback(RequestCallback requestCallback, TransportNegotiationService transportNegotiationService, TransportCryptoUtil transportCryptoUtil) {
            this.delegate = requestCallback;
            this.transportNegotiationService = transportNegotiationService;
            this.cryptoUtil = transportCryptoUtil;
        }

        public void doWithRequest(@Nonnull ClientHttpRequest clientHttpRequest) throws IOException {
            try {
                HttpHeaders negotiateBeforeExecute = negotiateBeforeExecute(SecurityRestTemplate.URI_LOCAL.get());
                HttpHeaders headers = clientHttpRequest.getHeaders();
                negotiateBeforeExecute.forEach((str, list) -> {
                    headers.put(str, new LinkedList(list));
                });
                this.delegate.doWithRequest(clientHttpRequest);
            } catch (SymmetricCryptoException | AsymmetricCryptoException e) {
                throw new RestClientException("Negotiate FAIL before doExecute!", e);
            }
        }

        private HttpHeaders negotiateBeforeExecute(URI uri) throws SymmetricCryptoException, AsymmetricCryptoException {
            int i = 0;
            NegotiationResult negotiationResult = null;
            while (negotiationResult == null) {
                negotiationResult = negotiate(uri, i);
                NegotiationResultCache.CLIENT_LOCAL_CACHE.set(negotiationResult);
                i++;
            }
            byte[] generateDataKey = TransportCryptoUtil.generateDataKey(negotiationResult.getKeyLength());
            TransportCipherHolder.setRequestCipher(DefaultTransportCipher.buildEncryptCipher(negotiationResult, generateDataKey));
            return this.cryptoUtil.generateHeaders(negotiationResult, generateDataKey);
        }

        private NegotiationResult negotiate(URI uri, int i) {
            if (i >= 2) {
                SecurityRestTemplate.log.error("check secure session exceed the max time(2), FAIL! uri={}", uri);
                throw new IllegalStateException("check secure session exceed the max time(2), FAIL! uri=" + String.valueOf(uri));
            }
            try {
                return this.transportNegotiationService.requestForNegotiate(uri);
            } catch (NegotiationException e) {
                SecurityRestTemplate.log.warn("Try negotiate FAIL with '{}', time({})", new Object[]{uri, Integer.valueOf(i), e});
                return null;
            }
        }
    }

    public SecurityRestTemplate(TransportNegotiationService transportNegotiationService, TransportCryptoUtil transportCryptoUtil, NegotiationResultCache negotiationResultCache, AppIdExtractor appIdExtractor) {
        this.transportNegotiationService = transportNegotiationService;
        this.cryptoUtil = transportCryptoUtil;
        this.negotiationResultCache = negotiationResultCache;
        this.appIdExtractor = appIdExtractor;
    }

    @Nullable
    protected <T> T doExecute(URI uri, @Nullable HttpMethod httpMethod, @Nullable RequestCallback requestCallback, @Nullable ResponseExtractor<T> responseExtractor) throws RestClientException {
        if (this.transportNegotiationService.isNegotiationUrl(uri)) {
            return (T) super.doExecute(uri, httpMethod, requestCallback, responseExtractor);
        }
        URI_LOCAL.set(uri);
        Object doExecute = super.doExecute(uri, httpMethod, requestCallback, responseExtractor);
        if ((doExecute instanceof ResponseEntity) && !CollectionUtils.isEmpty(((ResponseEntity) doExecute).getHeaders().get(NegotiationConstants.NEGOTIATION_INVALID_TAG))) {
            this.negotiationResultCache.delete(this.appIdExtractor.extract(uri), true);
            NegotiationResultCache.CLIENT_LOCAL_CACHE.remove();
            NegotiationResultCache.CLIENT_LOCAL_CACHE.remove();
            log.info("sensitive request FAIL for response with a invalid negotiation(xSessionId) mark, negotiate and retry once.");
            doExecute = super.doExecute(uri, httpMethod, requestCallback, responseExtractor);
        }
        URI_LOCAL.remove();
        return (T) doExecute;
    }

    @Nonnull
    public <T> RequestCallback httpEntityCallback(@Nullable Object obj) {
        return new EnsureNegotiatedRequestCallback(super.httpEntityCallback(obj), this.transportNegotiationService, this.cryptoUtil);
    }

    @Nonnull
    public <T> RequestCallback httpEntityCallback(@Nullable Object obj, @Nonnull Type type) {
        return new EnsureNegotiatedRequestCallback(super.httpEntityCallback(obj, type), this.transportNegotiationService, this.cryptoUtil);
    }
}
