package cn.patterncat.rsq.component.security.policy;

import cn.patterncat.rsq.component.exception.InvalidAccessException;
import cn.patterncat.rsq.domain.pg.AppInfo;
import cn.patterncat.rsq.model.HttpConstants;
import cn.patterncat.rsq.model.QueryAuthInfo;
import cn.patterncat.rsq.model.QueryAuthType;
import cn.patterncat.rsq.service.AppInfoService;
import cn.patterncat.rsq.util.ServletUtil;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.CollectionUtils;
import org.springframework.web.servlet.HandlerMapping;

/* loaded from: input_file:cn/patterncat/rsq/component/security/policy/AppIdKeyPolicy.class */
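/**
 * {@link AuthPolicy} that authorizes a query request by its {@code appId} request parameter and,
 * when the query asks for it, by a timestamped signature derived from the application's key.
 *
 * <p>NOTE(review): the signature is a bare MD5 digest over a string that embeds the app key, not
 * a keyed MAC such as HMAC-SHA-256. The algorithm is part of the client contract, so it is left
 * unchanged here; replacing it needs a versioned migration of the signing scheme.
 */
public class AppIdKeyPolicy implements AuthPolicy {
    /** Canonical string that is hashed to produce the request signature. */
    public static final String SIGN_FORMAT = "appKey=%s&queryId=%s&timestamp=%d";

    @Autowired
    AppInfoService appInfoService;

    /**
     * Reports whether this policy handles the given authentication type.
     *
     * @param queryAuthType the authentication type configured for the query
     * @return {@code true} only for {@link QueryAuthType#APP_ID_KEY}
     */
    @Override
    public boolean match(QueryAuthType queryAuthType) {
        return QueryAuthType.APP_ID_KEY == queryAuthType;
    }

    /**
     * Checks the current request against the query's allowed application ids and, when
     * {@code queryAuthInfo.isValidateSign()} is set, against the timestamped signature.
     *
     * @param queryAuthInfo the authentication settings of the query being accessed
     * @throws InvalidAccessException if the query id, app id, timestamp window or signature is
     *     rejected
     * @throws IllegalArgumentException if the timestamp parameter is not numeric or the sign
     *     parameter is blank
     */
    @Override
    public void auth(QueryAuthInfo queryAuthInfo) throws InvalidAccessException {
        // An empty allow-list skips the check entirely; presumably this means no app restriction
        // is configured for the query - confirm against the caller.
        if (CollectionUtils.isEmpty(queryAuthInfo.getAppIds())) {
            return;
        }
        HttpServletRequest request = ServletUtil.getRequest();
        Map<?, ?> pathVariables =
                (Map<?, ?>) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
        if (pathVariables == null) {
            // NOTE(review): this branch fails open - a request without URI template variables
            // passes without any appId or signature check even though an allow-list is
            // configured. Behaviour kept as is; confirm that no protected route can reach this
            // policy without template variables, otherwise reject here instead.
            return;
        }
        String queryId = (String) pathVariables.get(HttpConstants.QUERY_ID);
        if (StringUtils.isBlank(queryId)) {
            throw new InvalidAccessException("queryId非法");
        }
        String appId = request.getParameter(HttpConstants.APP_ID);
        if (StringUtils.isBlank(appId) || !queryAuthInfo.getAppIds().contains(appId)) {
            throw new InvalidAccessException("appId非法");
        }
        AppInfo appInfo = this.appInfoService.findByAppId(appId);
        if (appInfo == null) {
            throw new InvalidAccessException("appId非法");
        }
        if (!queryAuthInfo.isValidateSign()) {
            // Without signature validation the appId alone (a plain request parameter)
            // authorizes the call.
            return;
        }

        String timestampParam = request.getParameter(HttpConstants.TIMESTAMP);
        if (!StringUtils.isNumeric(timestampParam)) {
            throw new IllegalArgumentException("timestamp非法");
        }
        // A digit string too long for a long raises NumberFormatException, which is an
        // IllegalArgumentException like the check above.
        long timestamp = Long.parseLong(timestampParam);
        long ageSecs = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - timestamp);
        // Bound the timestamp on both sides: a value far in the future gives a negative age that
        // would never exceed the timeout, leaving one signature replayable until that time.
        if (Math.abs(ageSecs) > queryAuthInfo.getTimeoutSecs()) {
            throw new InvalidAccessException("timestamp非法");
        }

        String sign = request.getParameter(HttpConstants.SIGN);
        if (StringUtils.isBlank(sign)) {
            throw new IllegalArgumentException("sign不能为空");
        }
        String appKey = appInfo.getAppKey();
        if (StringUtils.isBlank(appKey)) {
            // A missing key would be formatted as the literal "null" (or an empty string), so
            // the expected signature could be computed from public values alone.
            throw new InvalidAccessException("sign非法");
        }
        byte[] expected = generateSign(appKey, queryId, timestamp).getBytes(StandardCharsets.UTF_8);
        byte[] provided = sign.getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison: String.equals stops at the first differing character and so
        // leaks how much of a guessed signature is correct.
        if (!MessageDigest.isEqual(expected, provided)) {
            throw new InvalidAccessException("sign非法");
        }
    }

    /**
     * Builds the expected request signature: the lowercase hex MD5 of {@link #SIGN_FORMAT}
     * filled with the given values.
     *
     * @param appKey the application's secret key
     * @param queryId the id of the query being accessed
     * @param timestamp the request timestamp in epoch milliseconds
     * @return the lowercase hexadecimal MD5 digest of the formatted string
     */
    public static String generateSign(String appKey, String queryId, long timestamp) {
        // Locale.ROOT keeps %d on ASCII digits; the default-locale overload can emit localized
        // digits, which would make the signature depend on the server's locale.
        String payload = String.format(Locale.ROOT, SIGN_FORMAT, appKey, queryId, timestamp);
        return DigestUtils.md5Hex(payload).toLowerCase(Locale.ROOT);
    }
}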
