package org.shoulder.crypto.negotiation.support.client;

import java.io.IOException;
import java.util.List;
import org.shoulder.crypto.asymmetric.exception.AsymmetricCryptoException;
import org.shoulder.crypto.negotiation.cache.NegotiationResultCache;
import org.shoulder.crypto.negotiation.cache.TransportCipherHolder;
import org.shoulder.crypto.negotiation.cipher.DefaultTransportCipher;
import org.shoulder.crypto.negotiation.constant.NegotiationConstants;
import org.shoulder.crypto.negotiation.dto.NegotiationResult;
import org.shoulder.crypto.negotiation.util.TransportCryptoUtil;
import org.shoulder.crypto.symmetric.exception.SymmetricCryptoException;
import org.shoulder.http.AppIdExtractor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/shoulder/crypto/negotiation/support/client/SensitiveResponseDecryptInterceptor.class */
public class SensitiveResponseDecryptInterceptor implements ClientHttpRequestInterceptor, Ordered {
    private static final Logger log = LoggerFactory.getLogger(SensitiveResponseDecryptInterceptor.class);
    private final TransportCryptoUtil transportCryptoUtil;
    private final NegotiationResultCache negotiationResultCache;
    private final AppIdExtractor appIdExtractor;

    public SensitiveResponseDecryptInterceptor(TransportCryptoUtil transportCryptoUtil, NegotiationResultCache negotiationResultCache, AppIdExtractor appIdExtractor) {
        this.transportCryptoUtil = transportCryptoUtil;
        this.negotiationResultCache = negotiationResultCache;
        this.appIdExtractor = appIdExtractor;
    }

    /* JADX WARN: Finally extract failed */
    public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] bArr, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException {
        ClientHttpResponse execute = clientHttpRequestExecution.execute(httpRequest, bArr);
        if (!CollectionUtils.isEmpty(execute.getHeaders().get(NegotiationConstants.NEGOTIATION_INVALID_TAG))) {
            String extract = this.appIdExtractor.extract(httpRequest.getURI());
            this.negotiationResultCache.delete(extract, true);
            NegotiationResultCache.CLIENT_LOCAL_CACHE.remove();
            List list = httpRequest.getHeaders().get(NegotiationConstants.SECURITY_SESSION_ID);
            log.warn("sensitive request to {} '{}' FAIL for response with a invalid xSessionId({}) mark, clean the negotiation cache.", new Object[]{extract, httpRequest.getURI(), CollectionUtils.isEmpty(list) ? "" : (String) list.get(0)});
        }
        HttpHeaders headers = execute.getHeaders();
        String first = headers.getFirst(NegotiationConstants.TOKEN);
        String first2 = headers.getFirst(NegotiationConstants.SECURITY_SESSION_ID);
        String first3 = headers.getFirst(NegotiationConstants.SECURITY_DATA_KEY);
        if (!StringUtils.isEmpty(first) && !StringUtils.isEmpty(first2)) {
            try {
                if (!StringUtils.isEmpty(first3)) {
                    try {
                        if (!this.transportCryptoUtil.verifyToken(first2, first3, first, NegotiationResultCache.CLIENT_LOCAL_CACHE.get().getPublicKey())) {
                            throw new RuntimeException("security token validate fail!");
                        }
                        NegotiationResult negotiationResult = NegotiationResultCache.CLIENT_LOCAL_CACHE.get();
                        if (negotiationResult == null) {
                            throw new IllegalStateException("keyExchangeInfo can't be null!");
                        }
                        TransportCipherHolder.setResponseCipher(DefaultTransportCipher.buildDecryptCipher(negotiationResult, TransportCryptoUtil.decryptDk(negotiationResult, first3)));
                        NegotiationResultCache.CLIENT_LOCAL_CACHE.remove();
                        return execute;
                    } catch (AsymmetricCryptoException e) {
                        log.warn("token validate fail!", e);
                        throw new RuntimeException("token validate fail!", e);
                    } catch (SymmetricCryptoException e2) {
                        log.warn("Decrypt xDk fail!", e2);
                        throw new RuntimeException("Decrypt xDk fail!", e2);
                    }
                }
            } catch (Throwable th) {
                NegotiationResultCache.CLIENT_LOCAL_CACHE.remove();
                throw th;
            }
        }
        return execute;
    }

    public int getOrder() {
        return -2147483618;
    }
}
